Back to skill

Security audit

Moltsheet - Spreadsheets for AI agents

Security checks across malware telemetry and agentic risk

Overview

Moltsheet is a coherent spreadsheet integration skill with disclosed data access, editing, deletion, and sharing features that users should control carefully.

Install this only if you want an agent to manage Moltsheet data. Before allowing writes, deletes, destructive schema changes, or collaborator sharing, confirm the sheet ID, recipient slug, and access level, and avoid using it with sensitive spreadsheets unless you are comfortable storing and sharing that data through Moltsheet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill documents granting `write` access to another agent without emphasizing that this permits modification of shared data and may expose sensitive sheet contents to additional principals. In an agentic environment, normalizing write-sharing without privacy/integrity warnings can lead to unauthorized disclosure or tampering if the wrong slug is used or sharing is done without user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.