语音Excel编辑助手 (Voice Excel Editing Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for voice-driven Excel editing, but it deserves review because it can automatically install unpinned Python packages and perform workbook-changing actions from transcribed audio.

Install only if you are comfortable sending the audio instruction to SenseAudio and retaining local transcripts/logs. Run it in an isolated virtual environment, preinstall or pin requests and openpyxl yourself, review operation_plan.json before execution, and keep the original workbook until the modified output is verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    except ImportError:
        print(f"Missing {pip_name}, installing automatically...", file=sys.stderr)

    result = subprocess.run(
        [sys.executable, "-m", "pip", "install", pip_name],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
Confidence
94% confidence
Finding
result = subprocess.run( [sys.executable, "-m", "pip", "install", pip_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill performs sensitive actions including shell execution, network access, environment variable use, and file read/write against user-supplied Excel and audio inputs, but it does not declare explicit permissions. That mismatch is dangerous because it weakens platform policy enforcement and informed review, making it easier for a high-capability skill to run with less scrutiny than its behavior warrants.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Auto-installing Python packages during execution is a real security issue because it allows network-fetched code to be introduced into the runtime environment on demand, outside normal supply-chain controls. In this skill context, the behavior is not necessary for processing Excel/audio at runtime and makes compromise of the host or environment more plausible if package resolution or indexes are manipulated.
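The fail-closed alternative this finding points toward, written here as an added example rather than code from the skill: instead of the `pip install` fallback quoted in the subprocess finding, the check verifies that the packages the overview tells you to preinstall (requests and openpyxl) are present at pinned versions and aborts otherwise, so nothing is fetched from an index at runtime. The version numbers, the function names and the `installed` test hook are assumptions for illustration.

```python
"""Fail-closed dependency check instead of a runtime pip install.

Added example, not the skill's own code. The skill's
subprocess.run([..., "pip", "install", pip_name]) fallback is replaced by a
check that the required packages are already installed at pinned versions.
"""
import importlib.metadata
import sys

# Pinned versions are an assumption for illustration; take them from the
# requirements file you installed into the isolated virtual environment.
PINNED = {"requests": "2.32.3", "openpyxl": "3.1.5"}


def check_pinned(pinned=PINNED, installed=None):
    """Return a list of problems; an empty list means the environment is OK.

    `installed` is an optional {name: version} mapping used for testing;
    when omitted, the real environment is inspected via importlib.metadata.
    """
    problems = []
    for name, want in pinned.items():
        if installed is not None:
            have = installed.get(name)
        else:
            try:
                have = importlib.metadata.version(name)
            except importlib.metadata.PackageNotFoundError:
                have = None
        if have is None:
            problems.append(f"{name} is not installed (want {want})")
        elif have != want:
            problems.append(f"{name}=={have} installed, want {want}")
    return problems


def require_pinned(pinned=PINNED, installed=None):
    """Abort with exit status 2 rather than fetch code from a package index."""
    problems = check_pinned(pinned, installed)
    if problems:
        for problem in problems:
            print("dependency check failed:", problem, file=sys.stderr)
        print("refusing to auto-install; fix the virtual environment and rerun",
              file=sys.stderr)
        raise SystemExit(2)
    return True


if __name__ == "__main__":
    # Run this before importing requests/openpyxl in the skill's entry point.
    require_pinned()
    print("environment OK")
```

Install the pinned set once, up front, with `pip install --require-hashes -r requirements.txt` so that index or resolver manipulation cannot substitute a different artifact; the check above then only confirms that environment and never widens it.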

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill can be invoked implicitly without any trigger constraints, even though it performs high-impact actions: transcribing user audio, generating structured edit plans, and modifying uploaded Excel workbooks. This increases the chance of unintended activation on loosely related requests, which can cause unauthorized file changes, formula/structure edits, or privacy-sensitive processing without clear user confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The schema exposes destructive actions such as clear, delete rows, and delete columns without requiring confirmation, dry-run behavior, backup creation, or explicit user acknowledgment. In this skill context, voice transcription ambiguity and automated execution increase the risk of accidental irreversible workbook modification or data loss from misheard or underspecified commands.
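The review step the overview recommends (read operation_plan.json before execution, keep the original workbook) and the confirmation, dry-run and backup behaviour this finding says the schema lacks, as an added example that is not code from the skill: it parses the plan, lists every operation with the destructive ones flagged, refuses to execute those unless a confirmation callback approves them, and copies the workbook to a .bak file before any edit runs. The plan schema, the snake_case action names (`set_cell`, `delete_rows`, ...), the constructed sample plan and the function names are assumptions; the page itself names only clear, delete rows and delete columns as destructive.

```python
"""Dry-run and confirmation gate for operation_plan.json.

Added example, not part of the skill. The plan schema is assumed to be
{"transcript": "...", "operations": [{"action": "...", "sheet": "...", ...}]}.
"""
import json
import shutil
import tempfile
from pathlib import Path

# Actions the scan report names as destructive; anything else is treated as
# a reversible edit. The snake_case spellings are an assumption.
DESTRUCTIVE = {"clear", "delete_rows", "delete_columns"}

# Constructed sample plan: the kind of output a misheard command could yield.
SAMPLE_PLAN = json.dumps({
    "transcript": "set B1 to Total and delete rows 2 to 5",
    "operations": [
        {"action": "set_cell", "sheet": "Sheet1", "cell": "B1", "value": "Total"},
        {"action": "delete_rows", "sheet": "Sheet1", "start": 2, "count": 4},
    ],
})


def load_plan(text):
    """Parse the plan and reject anything that is not a list of actions."""
    plan = json.loads(text)
    ops = plan.get("operations") if isinstance(plan, dict) else None
    if not isinstance(ops, list):
        raise ValueError("plan has no 'operations' list")
    for op in ops:
        if not isinstance(op, dict) or not isinstance(op.get("action"), str):
            raise ValueError(f"malformed operation: {op!r}")
    return plan


def review(plan):
    """Return (summary_lines, destructive_ops) for a human to read first."""
    lines, destructive = [], []
    for i, op in enumerate(plan["operations"], 1):
        action = op["action"]
        flag = "DESTRUCTIVE" if action in DESTRUCTIVE else "ok"
        detail = ", ".join(f"{k}={v}" for k, v in op.items() if k != "action")
        lines.append(f"{i}. [{flag}] {action} ({detail})")
        if action in DESTRUCTIVE:
            destructive.append(op)
    return lines, destructive


def backup_workbook(workbook):
    """Copy the original next to itself before anything touches it."""
    backup = workbook.with_name(workbook.name + ".bak")
    shutil.copy2(workbook, backup)
    return backup


def gate(plan_text, workbook, confirm, execute):
    """Execute the plan only if destructive ops are confirmed; back up first.

    confirm(destructive_ops) -> bool is the user prompt; execute(ops) is the
    skill's own executor, passed in so the gate stays independent of it.
    workbook=None skips the backup (used by the tests).
    """
    plan = load_plan(plan_text)
    lines, destructive = review(plan)
    if destructive and not confirm(destructive):
        return {"applied": False, "reason": "destructive ops not confirmed",
                "summary": lines}
    backup = backup_workbook(Path(workbook)) if workbook else None
    execute(plan["operations"])
    return {"applied": True, "backup": str(backup) if backup else None,
            "summary": lines}


if __name__ == "__main__":
    # Stand-alone demo on a throwaway file standing in for the workbook;
    # replace the confirm lambda with a real prompt in practice.
    with tempfile.TemporaryDirectory() as d:
        wb = Path(d) / "budget.xlsx"
        wb.write_bytes(b"placeholder workbook bytes")
        result = gate(SAMPLE_PLAN, wb,
                      confirm=lambda ops: print("confirming", len(ops), "destructive op(s)") or True,
                      execute=lambda ops: print("would apply", len(ops), "op(s)"))
        print("\n".join(result["summary"]))
        print("backup written to", result["backup"])
```

Keeping the executor behind a callback is deliberate: the gate never needs to know how the skill writes cells, so it can sit in front of the existing code without changing it, and the summary it prints is exactly what a reviewer should compare against the transcript before typing yes.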

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The transcription flow uploads user-supplied audio to a remote API endpoint, but the code provides no explicit user-facing consent, warning, or policy gate before transmission. Because audio may contain sensitive business or personal information, sending it to a third-party service without notice creates a meaningful privacy and data-governance risk in this skill's context.

VirusTotal

49/49 vendors flagged this skill as clean.
