Excel Formula

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Excel formula helper, with the main caveat that one local helper script keeps a searchable history of some user inputs on disk.

Reasonable to install for spreadsheet formula help. Be aware that the command-line helper may keep a local history of some formula snippets or search terms; avoid sensitive workbook data, set EXCEL_DIR to a controlled location, or clear the history file if needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script persistently logs user queries, including formulas and lookup terms, to a history file under the user's data directory without notice or consent. Spreadsheet formulas and references can contain sensitive business logic, internal sheet structure, identifiers, or embedded secrets, so silent retention increases the risk of privacy leakage and unintended local disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal