officecli-data-dashboard

Security checks across malware telemetry and agentic risk

Overview

This skill makes Excel dashboards, but it also tells the agent to routinely download and run an unpinned installer before use.

Review before installing. Prefer installing a verified, pinned officecli version yourself and disabling or ignoring the automatic install/upgrade block. Use only in an environment where running third-party installer code from GitHub is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly instructs the agent to fetch and execute remote installer scripts via curl/bash and PowerShell before performing a local dashboard task. This creates a supply-chain and arbitrary code execution risk that is unrelated to the promised .xlsx output, and the "every time before using officecli" wording increases exposure by making execution routine.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest describes a dashboard-generation skill that should only produce a single Excel file, but the body adds hidden side effects: network access, software version checks, and installation/upgrade execution. This mismatch is dangerous because users and orchestrators may grant the skill trust appropriate for document generation while it performs privileged environment changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill includes remote script download and execution without any user-facing warning, consent step, or trust boundary explanation. Even if the source is intended to be legitimate, silently executing downloaded code materially increases the chance of unsafe operation and user surprise.

VirusTotal

63/63 vendors flagged this skill as clean.
