xlsx-skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is an ordinary Excel spreadsheet helper; the expected cautions concern installing its dependencies and letting the agent read or write local spreadsheets.

This skill appears safe for normal spreadsheet work. Before installing, verify the Python and optional LibreOffice dependencies, use a virtual environment if possible, and only let the agent read or edit spreadsheets whose contents you are comfortable sharing in the session.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (Severity: Low)
What this means

If used on private or important spreadsheets, the agent may expose their contents in conversation or create/overwrite output files.

Why it was flagged

The skill teaches the agent how to read and save spreadsheet files. This is central to the skill's purpose, but it means that a user-invoked run can read or modify local files.

Skill content
df = pd.read_excel('file.xlsx') ... wb.save('output.xlsx')
Recommendation

Use explicit filenames and output paths, work on copies of important spreadsheets, and review generated files before relying on them.
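The recommendation above can be enforced in code rather than left to the agent's judgement. The following is an added example, not code from the skill or from ClawScan: a small path guard that takes explicit input and output paths, confines the output to a working directory, refuses to overwrite the input or any existing file, edits a working copy, and stages the write through a temporary file that is renamed into place only on success. It is standard-library only so it runs without pandas or openpyxl; the skill's own pd.read_excel(...) / wb.save(...) calls belong inside the writer callback. The function names, the working-directory convention and the sample CSV are assumptions.

```python
"""Path guard for agent-driven spreadsheet reads and writes.

Added example (not from the skill or ClawScan). Enforces explicit paths,
an output confined to a working directory, no overwriting of the input,
edits on a copy, and atomic writes. Standard library only; the skill's
pd.read_excel / wb.save calls go inside the writer callback.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Callable

ALLOWED_SUFFIXES = {".xlsx", ".xlsm", ".xls", ".csv"}


class SpreadsheetPathError(ValueError):
    """Raised when a requested path violates the workspace policy."""


def _inside(path: Path, root: Path) -> bool:
    """True if path equals root or lies beneath it (both already resolved)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def resolve_paths(src: str, dst: str, workdir: str) -> tuple:
    """Validate an explicit input/output pair against a working directory.

    Paths are resolved first so '..' segments and symlinks cannot redirect
    the check. The input must be an existing regular spreadsheet file; the
    output must stay inside workdir, differ from the input and not exist yet.
    """
    root = Path(workdir).resolve()
    src_p = Path(src).resolve()
    dst_p = Path(dst).resolve()
    if not src_p.is_file():
        raise SpreadsheetPathError(f"input is not a regular file: {src}")
    if src_p.suffix.lower() not in ALLOWED_SUFFIXES:
        raise SpreadsheetPathError(f"unexpected input type: {src_p.suffix}")
    if dst_p.suffix.lower() not in ALLOWED_SUFFIXES:
        raise SpreadsheetPathError(f"unexpected output type: {dst_p.suffix}")
    if not _inside(dst_p, root):
        raise SpreadsheetPathError(f"output escapes the working directory: {dst}")
    if dst_p == src_p:
        raise SpreadsheetPathError("output would overwrite the input")
    if dst_p.exists():
        raise SpreadsheetPathError(f"refusing to overwrite existing file: {dst}")
    return src_p, dst_p


def working_copy(src: Path, workdir: str) -> Path:
    """Copy the input into workdir so edits never touch the original."""
    root = Path(workdir).resolve()
    root.mkdir(parents=True, exist_ok=True)
    copy = root / f"{src.stem}.working{src.suffix}"
    shutil.copy2(src, copy)
    return copy


def atomic_save(dst: Path, writer: Callable[[Path], None]) -> Path:
    """Run writer (e.g. lambda p: wb.save(p)) on a temp file beside dst, then
    rename it into place; a crash mid-write leaves no partial file at dst."""
    dst.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", suffix=dst.suffix, dir=dst.parent)
    os.close(fd)
    tmp_p = Path(tmp)
    try:
        writer(tmp_p)
        os.replace(tmp_p, dst)  # atomic rename on POSIX and NTFS
    except BaseException:
        tmp_p.unlink(missing_ok=True)
        raise
    return dst


def demo() -> dict:
    """Self-contained walkthrough on a constructed CSV (no real user data)."""
    base = Path(tempfile.mkdtemp())
    original = base / "budget.csv"
    original.write_text("item,cost\nlaptop,1200\n")  # constructed sample input
    work = str(base / "work")
    src, dst = resolve_paths(str(original), str(base / "work" / "budget-out.csv"), work)
    copy = working_copy(src, work)
    out = atomic_save(dst, lambda p: p.write_text(copy.read_text() + "monitor,300\n"))
    rejected = 0
    for bad in (str(original),                   # same file as the input
                str(base / "escape.csv"),        # outside the working directory
                str(base / "work" / "out.exe"),  # not a spreadsheet
                str(out)):                       # already exists
        try:
            resolve_paths(str(original), bad, work)
        except SpreadsheetPathError:
            rejected += 1
    return {"output": out.read_text(),
            "original_untouched": original.read_text() == "item,cost\nlaptop,1200\n",
            "rejected": rejected}
```

In practice the agent is given only the working directory and the validated paths; the original spreadsheet stays read-only outside it, and the user reviews the generated file before replacing anything.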

ASI04: Agentic Supply Chain Vulnerabilities (Severity: Low)
What this means

Installing these dependencies can change the local Python or Homebrew environment and relies on external package sources.

Why it was flagged

The skill asks the user to install third-party packages and an optional external application. This is expected for spreadsheet processing, but versions are not pinned and installation is outside a formal install spec.

Skill content
pip install pandas openpyxl xlsxwriter ... brew install --cask libreoffice
Recommendation

Install dependencies from trusted package managers, preferably in a virtual environment, and pin versions if reproducibility matters.
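A venv plus a pinned requirements file covers the first half of this recommendation (python -m venv .venv, then pip install --require-hashes -r requirements.txt). What that leaves open is drift: the skill is later run in an environment where the pins no longer match. The following is an added example, not code from the skill or from ClawScan, of a pre-flight check that parses a requirements file, flags any requirement that is not pinned with ==, and compares each pin with the installed version so the skill can refuse to run against a drifted environment. The package versions in the sample are illustrative, the version lookup is injectable for testing, and the function names are assumptions.

```python
"""Pre-flight check that installed packages match a pinned requirements file.

Added example (not from the skill or ClawScan). Run it before the skill
imports pandas/openpyxl/xlsxwriter; a non-empty result means the
environment is not the one the pins describe.
"""
import re
from importlib import metadata
from typing import Callable, Optional

# name==version at the start of a line; the version stops at whitespace,
# a backslash continuation or a comment.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s\\#]+)")


def parse_pins(requirements_text: str):
    """Return ({normalised name: version}, [lines that are not == pins])."""
    pins, unpinned = {}, []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("--"):  # blank, or a --hash continuation
            continue
        m = PIN_RE.match(line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
        else:
            unpinned.append(line)
    return pins, unpinned


def installed_version(name: str) -> Optional[str]:
    """Installed version via package metadata, or None if absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def check_pins(requirements_text: str,
               version_of: Callable[[str], Optional[str]] = installed_version):
    """List every problem: unpinned lines, missing packages, version mismatches."""
    pins, unpinned = parse_pins(requirements_text)
    problems = [f"unpinned requirement: {line}" for line in unpinned]
    for name, want in pins.items():
        have = version_of(name)
        if have is None:
            problems.append(f"{name} not installed (want {want})")
        elif have != want:
            problems.append(f"{name}=={have} installed, pinned {want}")
    return problems


# Constructed sample requirements file; versions are illustrative only.
SAMPLE_REQUIREMENTS = """
pandas==2.2.2 \\
    --hash=sha256:placeholder
openpyxl==3.1.5
xlsxwriter
"""

# Constructed stand-in for the environment: one match, one drifted pin.
SAMPLE_INSTALLED = {"pandas": "2.2.2", "openpyxl": "3.1.2"}


def demo():
    """Run the check against the constructed sample instead of the real env."""
    return check_pins(SAMPLE_REQUIREMENTS, SAMPLE_INSTALLED.get)
```

Against a real environment call check_pins(open("requirements.txt").read()) with the default lookup and abort if it returns anything; the hash lines are ignored by the parser because pip, not this check, verifies them at install time.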