Security audit

Excel Report

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Excel report generator, but it includes under-disclosed code execution risks in template formula handling and automatic file opening.

Install only if you trust the publisher and bundled templates. Avoid third-party or edited templates until formula evaluation is replaced with a safe parser, and be cautious with sensitive business, financial, or medical data.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if gen.load_data(data_path):
    result = gen.generate(output_path)
    import subprocess
    subprocess.Popen(["start", "", str(result)], shell=True)
    print(f"\n[DONE] {result}")
Confidence
98% confidence
Finding
subprocess.Popen(["start", "", str(result)], shell=True)

eval() call detected

High
Category
Dangerous Code Execution
Content
expr = re.sub(rf"\b{col}\b", f"df['{col}']", expr)

try:
    result = eval(expr)
    if isinstance(result, (int, float)):
        return pd.Series([result] * len(df))
    return result
Confidence
99% confidence
Finding
result = eval(expr)

eval() call detected

High
Category
Dangerous Code Execution
Content
expr = re.sub(rf"\b{col}\b", f"df['{col}']", expr)

try:
    return eval(expr)
except:
    return pd.Series([np.nan] * len(df))
Confidence
99% confidence
Finding
return eval(expr)

eval() call detected

High
Category
Dangerous Code Execution
Content
expr = re.sub(rf"\b{col}\b", f"df['{col}']", expr)

try:
    result = eval(expr)
    if isinstance(result, (int, float)):
        return pd.Series([result] * len(df))
    return result
Confidence
99% confidence
Finding
result = eval(expr)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module advertises itself as a report generator, but it also executes a shell command to open the generated file. This hidden side effect is security-relevant because users and reviewers may not expect host-level command execution from a script whose stated purpose is only document generation.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Automatically executing a shell command to open the generated file is beyond the minimum capability needed for report generation. In an agent skill context, extra execution capability increases risk because it can trigger local programs or shell parsing without clear user intent.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This evaluator is documented as handling template formulas, but in practice it executes arbitrary Python expressions. That mismatch is dangerous because developers may treat templates as data rather than code, allowing attacker-controlled configuration to become a code execution vector.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The specialized LAG/TOTAL handlers appear to offer constrained functionality, but both ultimately execute Python via eval(). This creates a hidden code execution path inside features that users and maintainers would reasonably assume are safe, formula-specific helpers.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents emailing generated reports via SMTP using environment-stored credentials, but provides no warning that report contents may contain sensitive business or personal data and will be transmitted to an external mail service. In a reporting skill, this omission is security-relevant because users may enable email export for financial, medical, retail, or banking reports without considering data leakage, retention, or credential-handling risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script opens the generated report immediately without warning or confirmation. In a security-sensitive automation environment, silent execution of external actions reduces user control and can facilitate abuse, especially when combined with shell invocation and path manipulation.

Missing User Warnings

High
Confidence
90% confidence
Finding
Dynamic execution of formula expressions occurs with no warning, trust boundary, or indication that templates are effectively executable code. In this skill context, templates are likely to be treated as importable configuration files, making unsafe acceptance of third-party templates more likely and increasing exploitation risk.

VirusTotal

63/63 vendors flagged this skill as clean.
