ClawHub

xlsx

Security checks across malware telemetry and agentic risk

Overview

The spreadsheet skill is mostly aligned with its purpose, but it needs review because its recalculation helper persistently modifies the user's LibreOffice profile by installing an application macro.

Install only if you are comfortable with a spreadsheet helper that can modify local workbooks and add a persistent LibreOffice macro to your user profile. Use copies of important files, avoid running it on untrusted spreadsheets, and check or back up any existing LibreOffice Basic macros before using the recalculation script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script persistently writes a LibreOffice Basic macro into the user's application profile and then executes it, creating an undisclosed modification to the host environment outside the target spreadsheet. That persistence expands the trust boundary of a spreadsheet helper and can affect later LibreOffice sessions or collide with existing macros, making the skill more dangerous than its stated recalculation purpose suggests.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation criteria are extremely broad and could trigger on many normal spreadsheet-related requests, causing the agent to invoke a high-capability skill more often than necessary. Over-broad matching increases exposure to file access and shell-based workflows in situations where simpler, safer handling would suffice.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code silently writes Module1.xba into the user's LibreOffice profile without warning, consent, or cleanup. Even if the macro body is simple, undisclosed persistent file writes in a user profile are a significant side effect for a utility skill and can surprise users, interfere with existing configuration, or leave behind executable content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal