ClawHub

Excel XLSX Formula Cleanup

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Excel workbook repair helper with no executable code, credentials, persistence, or hidden data movement.

Install only if you want Codex help with Excel workbook repair or automation. Because spreadsheets can contain sensitive business data, use it on copies of workbooks, review proposed edits before applying them, and invoke it explicitly for workbook-specific tasks rather than general spreadsheet questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger sentences are highly generic and awkwardly broad, which increases the chance the skill will activate in contexts that only loosely mention Excel, formulas, or cleanup. In an agent environment, overbroad activation can route unrelated user requests into a workflow that inspects or modifies XLSX files, raising the risk of unintended file handling, unsafe automation, or misuse of workbook-manipulation capabilities.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are extremely broad, unnatural, and partially duplicate the demand text, which increases the chance that unrelated user prompts could accidentally invoke the skill. Because this skill operates on Excel workbooks involving formulas, Power Query, pivots, and VBA preservation, unintended activation could cause the agent to take risky file-handling or transformation steps in the wrong context.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description and trigger conditions are broad and keyword-driven, which can cause the skill to be invoked for loosely related Excel requests rather than only for the narrowly intended workbook-repair scenarios. In an agent system, over-broad activation increases the chance of unintended file-handling, formula/macro guidance, or misleading task routing, especially because the skill covers sensitive workbook features like VBA, Power Query, and corruption recovery.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger phrases are written as natural, generic help requests and do not impose meaningful constraints on when the skill should be selected. This makes accidental activation more likely, and in the context of an Excel automation/helper skill, that can steer the agent into performing risky workbook operations or giving inappropriate remediation steps for files involving formulas, macros, or data connections.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default prompt is broad enough that the skill may be invoked for a wide range of Excel-related issues without strong user intent or tighter scope checks. Because this skill is designed to inspect and modify complex XLSX workbooks while preserving formulas, VBA, pivots, and business logic, unintended activation could lead to unnecessary access to sensitive spreadsheet contents or unintended workbook changes.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger sentence is overly broad and malformed enough that it could activate the skill for generic Excel-related requests without clear boundaries. In an agent environment, broad triggers can cause inappropriate routing to a file-manipulation skill, increasing the chance of unsafe workbook handling, unintended automation, or use in contexts the skill was not meant to cover.

Vague Triggers

Medium
Confidence
92% confidence
Finding
This activation phrase is broad and lacks scope constraints, making it easier for the skill to be invoked on loosely related spreadsheet requests. Because the skill concerns complex Excel workbooks that may contain macros, queries, and embedded business logic, over-triggering raises the risk of the agent taking unnecessary or unsafe actions on sensitive files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal