Oathe Security Badge

Is skills/xlsx safe?

https://github.com/anthropics/skills/tree/main/skills/xlsx

97
SAFE

This skill provides legitimate Excel and Office document processing capabilities using Python libraries and LibreOffice integration. While some canary files were accessed during installation and the skill contains executable code, no malicious behavior was detected and all security checks passed.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Canary files accessed during installation -5

Multiple honeypot files (.env, SSH keys, AWS credentials, etc.) were accessed during the skill installation process. However, file integrity was maintained and no exfiltration was detected.

LOW Contains executable Python scripts -10

The skill includes multiple Python scripts for Office document processing, validation, and manipulation. While these appear legitimate and align with the skill's stated purpose, they represent executable code that could potentially be misused.

LOW Potential for document processing misuse -5

While the skill appears benign and functional for its intended Excel/spreadsheet purposes, it could potentially be misused to process malicious Office documents or in combination with other skills for unintended data manipulation.