Trust Assessment
xlsx received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 4 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Execution of external office suite with user-controlled input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | document-skills/xlsx/recalc.py:31 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | document-skills/xlsx/recalc.py:84 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | document-skills/xlsx/recalc.py:92 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'recalc'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | document-skills/xlsx/recalc.py:92 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'setup_libreoffice_macro'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | document-skills/xlsx/recalc.py:31 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'recalc'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | document-skills/xlsx/recalc.py:84 | |
| HIGH | Execution of external office suite with user-controlled input The `recalc.py` script uses `subprocess.run` to execute the `soffice` (LibreOffice) application. The path to the Excel file (`filename`) is taken directly from user input (`sys.argv[1]`) and passed as an argument to `soffice`. Executing a full office suite like LibreOffice grants broad system access and relies heavily on the security of the external application. While `subprocess.run` with a list of arguments mitigates direct shell command injection, a malicious Excel file could exploit vulnerabilities within LibreOffice itself (e.g., arbitrary code execution via specially crafted documents or arguments) when opened by the skill, turning the skill into an attack vector. This represents an excessive permission as the skill can invoke a powerful external binary with user-controlled data. Minimize reliance on external, complex binaries for core functionality. If `soffice` must be used, consider sandboxing the execution environment (e.g., Docker, chroot) to limit its potential impact. Implement strict validation and sanitization of the input `filename` to prevent any potential misinterpretation by `soffice` as command-line options. Ensure LibreOffice is always kept up-to-date to patch known vulnerabilities. Alternatively, explore pure Python libraries for recalculation if feasible, or restrict the types of Excel files that can be processed. | LLM | recalc.py:56 | |
| MEDIUM | Writing LibreOffice macro to user configuration directory The `setup_libreoffice_macro` function writes a StarBasic macro file (`Module1.xba`) to the user's LibreOffice configuration directory (`~/Library/Application Support/LibreOffice/...` or `~/.config/libreoffice/...`). While the macro content is hardcoded and appears benign, the ability to write to application configuration directories demonstrates a broad filesystem write permission. If the script were compromised or if the macro content were not fixed, this could be used to inject malicious code into the user's LibreOffice environment, potentially leading to arbitrary code execution when LibreOffice is launched or a document is opened. If possible, avoid writing directly to user application configuration directories. If necessary, ensure the content written is strictly controlled and verified. Consider using a temporary, isolated LibreOffice profile for execution to prevent modification of the user's primary configuration. Clearly document this behavior to users. | LLM | recalc.py:20 |
Scan History
Embed Code
[](https://skillshield.io/report/4399be51053f41e8)
Powered by SkillShield