المهارات libreoffice-writer سجل التدقيق
📄

سجل التدقيق

libreoffice-writer - 2 عمليات التدقيق

إصدار التدقيق 2

الأحدث مخاطر منخفضة

Mar 19, 2026, 04:04 PM

Static analysis flagged 175 patterns but evaluation confirms these are false positives. The skill legitimately uses subprocess to launch LibreOffice with hardcoded arguments, tempfile for secure temp directories, and importlib for module detection. All external command usage has no user input injection vectors. Risk is low due to filesystem and external command dependencies requiring LibreOffice installation.

14
الملفات التي تم فحصها
2,550
الأسطر التي تم تحليلها
7
النتائج
claude
تم تدقيقه بواسطة
مشكلات منخفضة المخاطر (3)
scripts/uno_bridge.py:140-155
External Process Execution
subprocess.Popen launches LibreOffice soffice binary. All arguments are hardcoded strings with no user input injection. This is legitimate automation of installed software.
scripts/uno_bridge.py:136
Temporary Directory Creation
Uses tempfile.mkdtemp() to create isolated profile directories for LibreOffice instances. Directories are cleaned up in finally blocks.
scripts/uno_bridge.py:69-71
Environment Variable Access
Reads LIBREOFFICE_PROGRAM_PATH environment variable to locate UNO module. Value is used only for path resolution, not executed.

عوامل الخطر

⚙️ الأوامر الخارجية (1)
scripts/uno_bridge.py:140-155
📁 الوصول إلى نظام الملفات (2)
scripts/uno_bridge.py:136 scripts/uno_bridge.py:189
🔑 متغيرات البيئة (1)
scripts/uno_bridge.py:69-71
⚡ يحتوي على سكربتات (2)
scripts/writer/metadata.py:6-9 scripts/writer/session.py:12-17

إصدار التدقيق 1

آمن

Mar 10, 2026, 07:18 AM

Static analysis flagged 87 potential issues, but manual review confirms all are false positives. The skill is legitimate LibreOffice Writer automation using UNO bridge. Subprocess calls are for finding/launching LibreOffice, not user-controlled command execution. CSS color codes were misidentified as cryptographic hashes. Dynamic imports are standard UNO library loading patterns.

14
الملفات التي تم فحصها
1,298
الأسطر التي تم تحليلها
1
النتائج
claude
تم تدقيقه بواسطة
مشكلات متوسطة المخاطر (1)
scripts/uno_bridge.py:25scripts/uno_bridge.py:100
Subprocess Execution for LibreOffice Discovery
subprocess.run and subprocess.Popen are used in uno_bridge.py to find and launch LibreOffice. Arguments are hardcoded strings, not user input. No command injection risk exists.
← العودة إلى المهارة