Security audit

gspread-sheets

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Sheets helper, but it can access and change shared spreadsheets if the user gives it service-account credentials.

Install only if you need Google Sheets API automation. Use a dedicated service account, share only the intended spreadsheets with it, keep the JSON key secret and out of source control, prefer the narrowest Google scopes that work for your workflow, and require exact spreadsheet IDs, worksheet names, ranges, and confirmation before bulk update, replace, clear, or delete actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill requests the full Google Drive OAuth scope in addition to the Sheets scope even though the stated purpose is batch Google Sheets operations. This unnecessarily expands the service account's effective access, increasing blast radius if the credential is misused or leaked and enabling broader file access than users would reasonably expect from a Sheets-focused skill.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The documentation instructs users to authenticate with an unrestricted Drive API scope without clear necessity for the advertised functionality. Overbroad authorization makes accidental overcollection or unauthorized access more likely and turns a single service-account compromise into access to a wider set of Drive resources.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents destructive operations such as `ws.clear()` and worksheet deletion without any warning, confirmation pattern, backup guidance, or scope limitation. In an agentic context, these examples can normalize irreversible data-destruction actions and make accidental or unauthorized bulk loss of spreadsheet content more likely.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill shows direct use of service-account credentials and broad API scopes without warning that the JSON key is a high-sensitivity secret or that sharing a spreadsheet with the service account grants data access. This can lead users to embed secrets insecurely, mishandle key material, or underestimate the data exposure created by the configured permissions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.