Scan Report
0 /100
xlsx
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization
Legitimate Excel spreadsheet skill with openpyxl and LibreOffice for formula recalculation; all capabilities are appropriate for the documented purpose with no malicious indicators.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | recalc.py:79 openpyxl writes for Excel files |
| Shell | NONE | WRITE | ✓ Aligned | recalc.py:76 subprocess.run(cmd) for LibreOffice -- benign, tool-scoped |
| Network | NONE | NONE | — | No network calls outside localhost LibreOffice |
| Environment | NONE | NONE | — | No os.environ access |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser usage |
| Database | NONE | NONE | — | No database access |
| Skill Invoke | NONE | NONE | — | No skill_invoke usage |
3 findings
Medium External URL 外部 URL
https://www.anthropic.com/legal/consumer-terms LICENSE.txt:8 Medium External URL 外部 URL
https://www.anthropic.com/legal/commercial-terms LICENSE.txt:9 Medium External URL 外部 URL
http://openoffice.org/2000/script recalc.py:38 File Tree
3 files · 18.1 KB · 497 lines Markdown 1f · 288L
Python 1f · 179L
Text 1f · 30L
├─
LICENSE.txt
Text
├─
recalc.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ No credential or sensitive data access (no ~/.ssh, ~/.aws, .env, ~/.git-credentials)
✓ No data exfiltration or C2 communication
✓ No obfuscation (no base64, eval, atob patterns)
✓ No supply chain risks (no external dependencies fetched at runtime)
✓ No persistence mechanisms (no cron, systemd, or startup hooks)
✓ Subprocess usage is tightly scoped to LibreOffice binary and macro execution
✓ LibreOffice macro write is confined to its own config directory (~/.config/libreoffice)
✓ No curl|bash or wget|sh remote script execution
✓ No hidden instructions or prompt injection
✓ All file I/O is legitimate openpyxl read/write for Excel operations