Back to skill

Security audit

Skill to manage and update google sheet

Security checks across malware telemetry and agentic risk

Overview

This Google Sheets skill does what it advertises, but users should treat it as able to read, change, and delete any spreadsheets shared with its service account.

Install only if you intend to let an agent access Google Sheets. Use a dedicated service account, share only the specific spreadsheets it needs, keep the JSON key out of repositories and shared folders, restrict file permissions, rotate keys if exposed, and double-check spreadsheet IDs, ranges, and sheet names before write, clear, or deleteSheet commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly requires environment-variable access and network access to call the Google Sheets API, but those capabilities are not explicitly declared in the skill metadata. Undeclared capabilities reduce transparency and can lead to misuse or unexpected execution in environments that rely on declared permissions for policy enforcement.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documented commands include destructive operations such as write, append, and clear without any warning about overwriting or deleting spreadsheet data. In an agent setting, this increases the risk of accidental data loss because users may invoke these commands without understanding that changes may be immediate and hard to undo.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill documents sheet deletion functionality without clearly warning that deleting a sheet tab can permanently remove data. This is especially risky in automation contexts, where a mistaken sheet name or broad instruction could destroy important content quickly.

Credential Access

High
Category
Privilege Escalation
Content
2. **Configure credentials** (one of these):
   - Set env: `GOOGLE_SERVICE_ACCOUNT_KEY=/path/to/key.json`
   - Place `service-account.json` or `credentials.json` in the skill directory
   - Place in `~/.config/google-sheets/credentials.json`

3. **Share sheets** with the service account email (found in JSON key as `client_email`)
Confidence
89% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
2. **Configure credentials** (one of these):
   - Set env: `GOOGLE_SERVICE_ACCOUNT_KEY=/path/to/key.json`
   - Place `service-account.json` or `credentials.json` in the skill directory
   - Place in `~/.config/google-sheets/credentials.json`

3. **Share sheets** with the service account email (found in JSON key as `client_email`)
Confidence
74% confidence
Finding
credentials.json

Unpinned Dependencies

Low
Category
Supply Chain
Content
"sheets": "node scripts/sheets.js"
  },
  "dependencies": {
    "googleapis": "^140.0.0"
  }
}
Confidence
89% confidence
Finding
"googleapis": "^140.0.0"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.