Excel Data Summation Tool (Excel数据求和工具)

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Excel helper that reads a user-provided spreadsheet path and reports the sum of numeric values in the first column.

Install only if you are comfortable letting the skill read the specific Excel file path you provide. Use a trusted package source for openpyxl, and avoid pointing it at unrelated or sensitive spreadsheets unless you intend to calculate their first-column total.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding: The description triggers on broad phrases like '对 Excel 文件进行求和' ("sum an Excel file") and '类似操作' ("similar operations"), which can cause the skill to be invoked for loosely related requests without clear user intent. Over-broad routing can expose local file-path handling to unintended contexts and increase the chance of processing sensitive files the user did not specifically mean this skill to access.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding: The skill metadata and descriptions are written to enforce Chinese-language behavior without indicating that language should follow user preference. While not directly enabling code execution or data exfiltration, forcing a language can mislead users, reduce transparency around file operations, and increase the risk of mistaken invocation or misunderstanding of what data will be processed.

VirusTotal

58/58 vendors flagged this skill as clean.
