xlsx skill

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet skill appears purpose-related, but it needs review because its formula recalculation helper can run LibreOffice, modify workbooks, and leave a persistent macro in the user's LibreOffice profile.

Review before installing. Use copies of important spreadsheets, and install only if you are comfortable with local LibreOffice execution, workbook saves, and a macro being left in your LibreOffice profile. Prefer an updated version that asks before profile changes, uses a temporary LibreOffice profile, cleans up the macro, and removes shell=True.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    if platform.system() == "Windows":
        return True
    try:
        subprocess.run(["timeout", "--version"], capture_output=True, timeout=1, check=False, shell=True)
        return True
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False
Confidence
96% confidence
Finding
subprocess.run(["timeout", "--version"], capture_output=True, timeout=1, check=False, shell=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions while explicitly instructing use of environment variables, reading and writing spreadsheet files, and executing shell commands to run a recalculation script. This creates a transparency and trust problem: users or policy systems may treat the skill as lower risk than it really is, even though it can modify local files and invoke external software.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is presented as a broad spreadsheet assistant, but its documented behavior includes installing a LibreOffice macro into the user's profile and running LibreOffice headlessly via subprocess. That hidden persistence-like modification and external execution materially exceed what many users would infer from a normal spreadsheet-editing skill, increasing the risk of unauthorized local changes and abuse of trust.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently writes a persistent LibreOffice application macro into the user's profile and then uses it to modify and save the workbook. This creates undeclared side effects outside the target file, weakens user trust boundaries, and may leave behind executable macro code in a global office profile that affects future sessions.

VirusTotal

VirusTotal findings are pending for this skill version.
