Web to Excel

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to copy webpage data into Excel, but it needs review because it can auto-install packages, use a local browser debugging connection, and save workbook changes with loose final confirmation.

Install only if you are comfortable with the skill changing the selected Excel file, using your local browser debugging endpoint, and potentially installing Python packages at runtime. Use a copy of important spreadsheets, preinstall or pin dependencies yourself where possible, and manually verify the URL, sheet, row range, and field-to-column mapping before letting it save.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # ── 自动安装依赖 ────────────────────────────────────────────────────────── for pkg in ['websockets', 'openpyxl']: if importlib.util.find_spec(pkg) is None: subprocess.check_call([sys.executable, '-m', 'pip', 'install', pkg, '-q']) # ── 通用字段映射（用户可在使用时追加/覆盖）────────────────────────────────── # 用法：在调用本脚本前，在对话中确认映射关系，然后我来执行写入。
Confidence: 95% confidence
Finding: subprocess.check_call([sys.executable, '-m', 'pip', 'install', pkg, '-q'])

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill description says it scrapes web data and writes Excel, but the code also alters the runtime by automatically installing packages. Runtime environment modification is security-sensitive because it executes package-management commands, changes system state, and can introduce supply-chain risk if packages or indexes are compromised.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: Automatic software/package installation is outside the narrow task of reading web content and updating a spreadsheet, and it expands the skill's effective privilege boundary. If abused or if package sources are unsafe, this can lead to arbitrary code execution through dependency installation.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: Auto-installing Python packages at execution time is not required to scrape a page and write Excel data, and it expands the skill's capabilities beyond its stated purpose. This creates avoidable supply-chain exposure and allows network-based package retrieval and code execution in environments where users may expect only local spreadsheet modification and browser data extraction.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The instruction to begin execution without reconfirmation is risky because the skill modifies local files and may also browse to user-provided URLs. Skipping a final confirmation increases the chance of unintended file edits, misuse from ambiguous input, and accidental writes to the wrong workbook, sheet, or row range.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal