ClawHub

excel application

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it may automatically install spreadsheet libraries if they are missing.

Install only if you are comfortable with the skill reading the spreadsheet files you provide, creating a local Excel report, and potentially running pip to install pandas and openpyxl if they are missing. In locked-down or enterprise environments, preinstall reviewed dependencies or run it in an isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
    print("Required packages not found. Installing pandas and openpyxl...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "pandas", "openpyxl", "-q"])
    import pandas as pd
    from openpyxl import Workbook
    from openpyxl.styles import Font, PatternFill, Alignment, Border, Side
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "pandas", "openpyxl", "-q"])

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation instructs the agent to execute a shell command to run a bundled Python script, which is a real code-execution capability despite no declared permissions. That mismatch is dangerous because it can bypass user or platform expectations about what the skill is allowed to do, and shell execution also increases the risk of unsafe argument handling or unintended command execution in downstream implementations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Auto-installing dependencies expands the skill from spreadsheet comparison into package installation, which can execute arbitrary code during install time and pulls in unpinned external software. In environments where package sources or versions are not tightly controlled, this creates supply-chain and unexpected network/execution risk that is disproportionate to the stated purpose of the skill.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Auto-installing pandas and openpyxl at runtime is not necessary for a column-comparison utility and broadens the attack surface beyond reading spreadsheet data. Even though the package names are hardcoded, this behavior can still trigger unintended network access, dependency drift, or installation of compromised upstream packages, turning simple file processing into environment modification.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script installs packages automatically without prior warning or consent, which is unsafe for an agent skill because users may not expect network access or system changes from a spreadsheet comparison task. In managed environments this can break reproducibility, bypass administrative controls, and surprise users with execution of package installation hooks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal