xlsx

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet skill mostly does what it claims, but its recalculation helper persistently modifies the user's LibreOffice macro profile in a way users should review first.

Install only if you are comfortable with a spreadsheet skill that can create or modify workbook files and, when recalculating formulas, can write a persistent LibreOffice Basic macro into your normal LibreOffice profile. Prefer running it in a disposable environment or backing up your LibreOffice macro folder and important spreadsheets first, especially before using it on business-critical models.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill instructs the agent to write spreadsheet files and invoke shell commands (`python recalc.py ...`) but does not declare corresponding permissions. That creates a capability/permission mismatch that can bypass user expectations and platform controls, especially when handling existing files or running local tooling.

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The activation criteria are very broad ('when Claude needs to work with spreadsheets') and do not define boundaries for read-only analysis versus destructive edits. Over-broad triggering can cause the skill to activate in contexts where the user did not clearly consent to file creation, modification, or recalculation, increasing the chance of unintended actions on sensitive documents.

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The examples normalize writing output files and recalculating them without any user-facing warning that files will be created or modified. In an agent setting, omission of that disclosure can lead to silent filesystem changes and unexpected handling of user data.

Missing User Warnings

High

Confidence: 91% confidence
Finding: The documentation recommends structural edits such as inserting rows, deleting columns, and adding sheets to existing workbooks without warning about destructive consequences like broken formulas, altered references, or irreversible data loss. In a spreadsheet-editing skill, these operations are especially risky because they can silently corrupt business-critical models or records.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script silently writes a persistent LibreOffice Basic macro into the user's profile-level macro directory. Persisting executable macro code in an application profile without explicit consent changes the user's environment and can create a lasting execution foothold or unexpected trust boundary expansion for future LibreOffice sessions.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal