Image To Excel

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it can automatically install a Python package at runtime and write Excel files without clear dependency or overwrite controls.

Review before installing. This skill appears purpose-aligned for converting extracted table data into Excel, but it should be used only in an environment where runtime pip installs are acceptable. Prefer preinstalling or pinning openpyxl yourself, and choose a nonexistent or disposable output filename to avoid accidental overwrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
    print("Missing openpyxl, installing...")
    import subprocess
    subprocess.check_call([sys.executable, "-m", "pip", "install", "openpyxl", "-q"])
    from openpyxl import Workbook
    from openpyxl.styles import Font, Alignment, Border, Side, PatternFill
    from openpyxl.utils import get_column_letter
Confidence
93% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "openpyxl", "-q"])

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill invokes a shell command (`python3 scripts/gen_excel.py ...`) but does not declare any permissions for shell/code execution. Undeclared execution capability weakens platform trust and review controls, and if the JSON or output path are ever influenced unexpectedly, it expands the attack surface for command execution or unsafe file operations.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Automatically installing Python packages at runtime gives the script package-management capability that is unnecessary for its stated task and causes it to fetch and execute third-party code dynamically. This is risky in agent environments because execution may occur with elevated privileges, restricted egress assumptions may be broken, and supply-chain controls are bypassed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill writes an `.xlsx` file to disk at a fixed path without upfront warning about file creation or possible overwrite behavior. This can lead to unintentional data loss, confusion about where files are stored, or replacement of an existing file in the workspace, especially in automated agent workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
