Excel Xlsx Zc
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a no-code Excel guidance skill that appears purpose-aligned, with only minor provenance and file-editing notes for users to notice.
This skill appears safe to use as an Excel workbook helper. Because it is designed to create and edit spreadsheets, use copies or backups for important files and confirm the installed package identity if you require strict provenance controls.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may lead the agent to modify spreadsheet files the user provides or points it to.
The skill is explicitly intended to guide workbook creation and editing, which can change local user files. This is expected for the purpose, but users should ensure edits are applied only to intended spreadsheets.
Create, inspect, and edit Microsoft Excel workbooks and XLSX files...
Use it on intended workbooks only, keep backups for important files, and review formula and formatting changes before relying on the result.
The skill’s package identity is somewhat inconsistent, which can make it harder to confirm exactly which publisher/version is being installed.
The embedded metadata does not match the registry metadata. There is no code or install step that makes this directly dangerous, but it is a provenance consistency issue.
Registry: Owner ID kn77h3j1ws389cgqcw4scgv49d81g2vg, Slug excel-xlsx-zc, Version 1.0.0; _meta.json: ownerId kn73vp5rarc3b14rc7wjcw8f8580t5d1, slug excel-xlsx, version 1.0.2
Prefer installing from a trusted registry entry and verify the owner, slug, and version if provenance matters for your environment.