openclawkit-excel

Security checks across malware telemetry and agentic risk

Overview

This Excel helper only performs local spreadsheet operations, with the main caution that chosen output files or sheets can be overwritten during normal use.

Use explicit input and output paths, keep backups of important spreadsheets, and avoid pointing output paths at originals unless you intend to replace or update them. VirusTotal was still pending, but static and artifact review did not show malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill advertises file creation, writing, merging, and report generation without warning that these operations can overwrite or modify existing files. In an agent setting, lack of explicit destructive-operation warnings increases the chance of accidental data loss or unintended modification of user spreadsheets, especially when output paths overlap with important files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal