Back to skill

Security audit

Google Sheet API

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google Sheets command-line tool, but it can read and change spreadsheets when given service-account credentials.

Install this only if you want the agent to access Google Sheets shared with the configured service account. Use least-privilege sharing, keep service-account keys private, avoid inline secrets in shell history, and test destructive commands on noncritical spreadsheets first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly describes network access to Google Sheets and access to credentials via environment variables and local files, yet no declared permissions are present. In an agent ecosystem, missing permission declarations weakens transparency and policy enforcement, making it easier for a skill to access secrets and external services without clear user approval.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI automatically searches for Google credentials in environment variables and common local files, then uses them without any explicit disclosure, consent, or scope preview. In an agent/skill context, this can silently leverage ambient credentials present on the host, causing unintended access to external Google Sheets data and making credential use non-obvious to the user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool exposes write, append, clear, deleteSheet, renameSheet, batch, and other mutating operations that execute immediately with no confirmation prompt, dry-run mode, or policy guard. In an agent setting, a mistaken or adversarial instruction could cause destructive spreadsheet changes or data loss very easily once credentials are available.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"help": "node scripts/sheets-cli.js help"
  },
  "dependencies": {
    "googleapis": "^140.0.0"
  }
}
Confidence
92% confidence
Finding
"googleapis": "^140.0.0"

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.