WPS Excel Processing

Security checks across malware telemetry and agentic risk

Overview

This is a spreadsheet-processing skill whose local workbook editing and formula recalculation behavior fits its stated purpose, with a data-integrity caution for important files.

Install if you want an agent to process local spreadsheets with Python. For business-critical or audit-sensitive workbooks, provide explicit input and output paths and work from a copy, because formula recalculation may rewrite cached values inside the workbook file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script modifies the provided workbook in place by rewriting the XLSX ZIP contents and injecting cached formula values, which can unexpectedly alter or corrupt the user's original file if the operation is interrupted or the XML handling is imperfect. In the context of a file-processing skill, silently mutating user-supplied documents is dangerous because users may expect analysis/recalculation to be non-destructive and may lose the only copy of important spreadsheet data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal