Skill to manage and update google sheet

Security checks across malware telemetry and agentic risk

Overview

This Google Sheets skill does what it says, but it can change or delete spreadsheet data if given access.

Install only if you intend to let the agent read and modify Google Sheets. Use a dedicated Google service account, share only the specific spreadsheets it should access, keep the JSON key out of version control and shared folders, and double-check spreadsheet IDs, ranges, and sheet names before allowing write, clear, or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly requires environment-based credentials and network access to Google Sheets, but the documentation does not declare permissions or clearly scope those capabilities. This can mislead users and orchestration systems about the skill's access level, increasing the risk of unintended credential exposure or external data access.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documented commands include destructive actions such as clear, deleteSheet, overwrite-style write operations, and formatting/layout changes without warning that they can permanently modify spreadsheet contents or structure. In an agent setting, this raises the chance of accidental destructive actions against production spreadsheets.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup instructions tell users to store a Google service account JSON key in common filesystem locations or via an environment variable, but do not warn about secret sensitivity, rotation, access control, or accidental inclusion in repositories. Because service account keys grant API access, poor handling can lead to unauthorized spreadsheet access and data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The clear command performs destructive data removal immediately with no confirmation, dry-run, or explicit warning. In an agent skill context, where arguments may be generated or passed automatically, this increases the chance of accidental or unauthorized data loss from the targeted spreadsheet range.

Missing User Warnings

High
Confidence
96% confidence
Finding
The deleteSheet operation permanently removes an entire worksheet tab without any safeguard, confirmation step, or soft-delete behavior. In this skill's context, the service account may have broad write access, so a mistaken or adversarial invocation could cause significant data loss across shared business documents.

VirusTotal

65/65 vendors flagged this skill as clean.
