Back to skill
Skillv2.0.0
VirusTotal security
excel-parser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:39 AM
- Hash
- 21e69bd8efdcbb39db40010621dd05630467e9d4a34365e75454d86da1133a82
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: excel-parser-skill Version: 2.0.0 The skill bundle is classified as suspicious due to the inclusion of an automatic dependency installation mechanism in scripts/excel_parser.py. The install_dependency function uses subprocess.check_call to execute 'pip install' for missing libraries (python-calamine, xlrd, openpyxl). While the package names are hardcoded and the intent appears to be user convenience, auto-installing software at runtime is a high-risk behavior that bypasses standard environment controls and could be exploited for supply chain attacks or unauthorized code execution.
- External report
- View on VirusTotal