Trust Assessment
xlsx-manipulation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Excessive Permissions: `code_execution` and `file_operations` tools" and "Potential for Data Exfiltration and Arbitrary File Write via `file_operations` and `code_execution`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Excessive Permissions: `code_execution` and `file_operations` tools.** The skill manifest explicitly requests `code_execution` and `file_operations` tools. This grants the AI agent the ability to execute arbitrary code on the host system and perform any file system operations (read, write, delete, move). This is a highly privileged set of permissions that could be exploited for command injection, data exfiltration, or system compromise if the agent is prompted maliciously. Re-evaluate the necessity of `code_execution` and `file_operations`. If absolutely required, implement strict input validation and sandboxing for any code generated or executed by the agent. Consider using more granular file operation tools if available, or restricting file paths to a designated safe directory. | LLM | SKILL.md |
| HIGH | **Potential for Data Exfiltration and Arbitrary File Write via `file_operations` and `code_execution`.** The skill is designed to read from and write to files, as demonstrated by functions like `import_csv_to_xlsx` and `create_monthly_report`, which accept file paths (`csv_path`, `xlsx_path`, `output_path`). Combined with the `code_execution` and `file_operations` tools, a malicious prompt could instruct the agent to read arbitrary sensitive files (e.g., `/etc/passwd`, `/proc/self/environ`) and embed their content into an Excel file, or write to arbitrary locations on the filesystem, potentially overwriting critical system files or creating malicious ones. Implement strict allow-listing or sandboxing for file paths that the agent can access or write to. Validate all file paths provided by the user to ensure they are within a designated safe directory. Avoid allowing the agent to construct arbitrary file paths from untrusted input. | LLM | SKILL.md:208 |