Maybeai Sheet Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate spreadsheet API helper, but it includes ready-to-run examples that can upload, mutate, delete, export, and change sharing state without strong safety gates.

Install only if you trust MaybeAI with the spreadsheets you use and you are comfortable granting a bearer token that can read and modify documents. Before running the example scripts, use test files, set UPLOAD_ONLY where appropriate, check DOC_ID and worksheet targets, and avoid running delete, share, or overwrite examples against important workbooks without backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 82%
Finding:
The manifest frames the skill as spreadsheet lifecycle management, but the file also includes sharing and visibility endpoints that change access control. Hidden or under-described permission-management features are risky because an agent may expose a sheet publicly or grant access when the user only expected data editing.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding:
The activation scope is so broad that the skill can be selected for nearly any spreadsheet-related request, including sensitive write, delete, export, and sharing operations. Overbroad routing increases the chance of unnecessary privilege use and accidental invocation of powerful actions in contexts where a narrower read-only skill would be safer.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation normalizes destructive operations such as delete, overwrite, row/column removal, and access changes without prominent warnings or confirmation requirements. In agent-driven use, this can directly lead to irreversible data loss, workbook corruption, or unintended exposure of private spreadsheets if actions are taken from ambiguous user requests.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding:
The skill instructs users to export a bearer token into an environment variable but does not warn that the token is a sensitive credential that grants API access. In shared shells, logs, screenshots, crash reports, or downstream scripts, such tokens can be exposed and then used to access or modify spreadsheet data remotely.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The script performs a remote delete against the uploaded spreadsheet URI automatically as part of the example workflow, with no confirmation prompt, safety flag, or dry-run mode. In an agent skill context this is dangerous because a user or downstream automation may run the script expecting a demo and unintentionally delete real cloud-hosted documents.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The export step always writes to ./exported.xlsx without checking whether the file already exists or whether the caller intended local disk output. This can overwrite local data or create sensitive files on disk unexpectedly, which is especially risky in automated agent environments or shared workspaces.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The script performs an irreversible worksheet deletion using a hardcoded gid-based URI with no confirmation prompt, dry-run mode, or validation that the targeted worksheet is the intended one. In an automation context, this makes accidental destructive changes much more likely, especially because the script also demonstrates multiple write operations in sequence against a live document.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script uploads an arbitrary local spreadsheet to a third-party remote API endpoint without any explicit notice, consent prompt, or data sensitivity warning. In a spreadsheet-management skill, this behavior is functionally expected, but it still creates a real privacy and data-exposure risk because users may run the example against confidential files without appreciating that contents leave the local environment.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding:
The export step writes directly to ./workflow1_output.xlsx with -o, silently overwriting any existing file at that path. This is a low-severity destructive behavior issue because it can cause accidental data loss or clobber a user's prior output without warning.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.