Trust Assessment
xlsx received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 4 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Direct command execution via subprocess.run.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/xlsx-official/recalc.py:31 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/xlsx-official/recalc.py:84 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/xlsx-official/recalc.py:92 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'recalc'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/xlsx-official/recalc.py:92 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'setup_libreoffice_macro'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/xlsx-official/recalc.py:31 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'recalc'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/xlsx-official/recalc.py:84 | |
| HIGH | Direct command execution via subprocess.run The `recalc.py` script uses `subprocess.run` to execute `soffice` (LibreOffice) and potentially `timeout`/`gtimeout`. The `SKILL.md` instructs the AI to use this script with a filename. If the AI is prompted to pass an untrusted or malicious filename/path to `recalc.py`, it could lead to arbitrary command execution. While `subprocess.run` with a list of arguments mitigates simple shell injection through the filename, it still allows the execution of an external program (`soffice`) with potentially malicious input, or could be exploited if the AI is tricked into passing an arbitrary command string as the filename argument to `python recalc.py`. Implement strict input validation and sanitization for any user-provided filenames or paths before they are passed to `recalc.py`. Consider sandboxing the execution environment for `recalc.py` and LibreOffice. Ensure the AI agent is robustly protected against prompt injection attempts that could lead it to construct malicious arguments for `recalc.py`. | LLM | recalc.py:49 | |
| MEDIUM | Writes to user's LibreOffice configuration directory The `recalc.py` script attempts to write a LibreOffice macro file (`Module1.xba`) to the user's LibreOffice configuration directory (`~/Library/Application Support/LibreOffice/...` or `~/.config/libreoffice/...`). While intended for legitimate setup, this involves writing to a sensitive user directory outside the skill's immediate working scope. This capability, if exploited, could allow for persistent modification of the user's LibreOffice environment. Ensure the macro content is fixed and cannot be influenced by untrusted input. If possible, explore alternative methods for LibreOffice setup that do not require writing to user configuration directories at runtime, or restrict the skill's write permissions to only necessary temporary directories. | LLM | recalc.py:19 | |
| LOW | Heavy reliance on external LibreOffice application The skill's core functionality for recalculating Excel formulas is entirely dependent on the external `LibreOffice` application. This introduces a significant external dependency, meaning that vulnerabilities within LibreOffice itself could be exploited through the skill. While necessary for the skill's purpose, it's a supply chain risk that should be acknowledged. Clearly document the LibreOffice dependency. Advise users to keep LibreOffice updated to the latest secure versions. Consider running LibreOffice in a sandboxed or containerized environment to mitigate potential exploits. | LLM | recalc.py:49 |
Scan History
Embed Code
[](https://skillshield.io/report/96e5f37bd259eafa)
Powered by SkillShield