Habilidades docx Historial de auditorías
📄

Historial de auditorías

docx - 4 auditorías

Versión de auditoría 4

Más reciente Seguro

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61
Archivos escaneados
25,568
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

📁 Acceso al sistema de archivos (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30
🌐 Acceso a red (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
⚡ Contiene scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

Versión de auditoría 3

Seguro

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61
Archivos escaneados
25,568
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

📁 Acceso al sistema de archivos (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30
🌐 Acceso a red (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
⚡ Contiene scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

Versión de auditoría 2

Seguro

Jan 12, 2026, 04:27 PM

This is a legitimate document processing skill with no security concerns. All static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

59
Archivos escaneados
24,761
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100
🌐 Acceso a red (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
📁 Acceso al sistema de archivos (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30

Versión de auditoría 1

Riesgo bajo

Jan 4, 2026, 05:14 PM

This is a legitimate document processing skill with controlled filesystem access and secure XML parsing. Uses defusedxml library to prevent XXE attacks. External commands (soffice, git) are called with hardcoded paths and controlled arguments. Operations are confined to user-specified files within designated workspaces.

23
Archivos escaneados
5,590
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo medio (1)
ooxml/scripts/pack.py:103-116ooxml/scripts/validation/redlining.py:153-163
External command execution for validation
The skill executes external commands (soffice and git) via subprocess.run for document validation and diff comparison. While arguments are controlled, external command execution inherently carries risk. An attacker with control over document content could potentially craft input that causes unexpected behavior. Code: pack.py lines 103-116 uses subprocess.run(['soffice', '--headless', '--convert-to', ...]) for validation

Factores de riesgo

📁 Acceso al sistema de archivos (4)
scripts/document.py:634-642 scripts/utilities.py:55-74 ooxml/scripts/unpack.py:14-17 ooxml/scripts/pack.py:64-79
⚙️ Comandos externos (2)
ooxml/scripts/pack.py:103-116 ooxml/scripts/validation/redlining.py:153-163
⚡ Contiene scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/unpack.py:1-29
← Volver a Skill