Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
officecli-xlsx
v1.0.2Use this skill any time a .xlsx file is involved -- as input, output, or both. This includes: creating spreadsheets, financial models, dashboards, or tracker...
⭐ 0· 68·0 current·0 all-time
by瓦砾@iceyliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the CLI usage shown: all commands operate on .xlsx workbooks and related artifacts. However, the package metadata contains no install specification even though the runtime instructions mandate installing a third-party 'officecli' binary — that mismatch (instructions expect a network-installed binary not declared in the registry metadata) is noteworthy.
Instruction Scope
SKILL.md tells the agent to run shell commands that download and execute a remote install script (curl | bash) and to call GitHub APIs. It also exposes a 'raw-set' XML escape hatch that allows arbitrary XML modifications. These are within spreadsheet manipulation functionally, but downloading/executing remote scripts and providing a raw XML write path significantly expands what the agent will do beyond simple file parsing/editing and could be abused to run arbitrary code or alter system state.
Install Mechanism
No formal install spec is registered, yet the instructions require fetching https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh and executing it. This is a high-risk pattern (remote script download-and-execute) because the script's contents are not provided, there's no checksum/signature, and the source 'iOfficeAI/OfficeCli' is not verified in the registry metadata.
Credentials
The skill does not request environment variables, credentials, or config paths. All declared operations relate to spreadsheet files and local CLI commands, so requested secrets/access are proportional to the stated purpose.
Persistence & Privilege
always:false and no system-level modifications are declared. However, the agent is allowed to invoke the skill autonomously (default) and the instructions include installing/upgrading a CLI from the network — combining autonomous invocation with automatic remote installer execution increases blast radius if the installer or upstream repo is compromised.
What to consider before installing
This skill appears to do what it says (xlsx editing) but instructs the agent to download-and-run an installer from a remote GitHub URL — a risky supply-chain action. Before installing or allowing autonomous use: 1) Inspect the installer script at https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh manually (do not run it blind). 2) Prefer an install method with signed releases or checksums (GitHub releases with checksums) or use a vetted package from your OS package manager. 3) If you must run the installer, test in an isolated environment (VM/container) and audit network calls it makes. 4) Consider disabling autonomous invocation for this skill until you trust the upstream repo, or run officecli yourself and keep the agent blocked from performing installs. 5) If you rely on this skill in production, request provenance (who maintains iOfficeAI/OfficeCli), release signatures, and an explicit install spec in the registry.Like a lobster shell, security has layers — review code before you run it.
latestvk975aj4jxy8w23c9wstvv900y9840b6e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.