Skills: libreoffice-impress audit history

Audit history

libreoffice-impress - 2 audits

Audit version 2

Latest: Low risk

Mar 19, 2026, 04:01 PM

This skill provides LibreOffice Impress presentation automation via the UNO API. Static analysis flagged 210 potential issues, but manual review confirms that all are false positives or legitimate office automation patterns. Subprocess calls invoke hardcoded LibreOffice commands for document processing. No network exfiltration, credential access, or persistence mechanisms were detected. Risk level is LOW - appropriate for publication.

13 files analyzed
3,912 lines analyzed
5 findings
Audited by: claude

Low-risk issues (2)
Legitimate Subprocess Usage for LibreOffice
The skill uses subprocess to invoke the LibreOffice soffice command. These are hardcoded commands with no user-input injection. This is standard office automation behavior required for UNO API integration.
Safe Temporary File Handling
Uses the Python tempfile module for temporary files during presentation processing. This is standard practice for office automation, with proper cleanup.

Audit version 1

Low risk

Mar 10, 2026, 07:16 AM

Static analysis detected 91 high-severity patterns flagged as 'Weak cryptographic algorithm' (MD5 markers) and 70 'external_commands' patterns in the SKILL.md documentation examples. After evaluation, all findings are false positives: the MD5 markers are documentation formatting (SKILL.md:3,17-21,68), not cryptographic operations, and the shell backticks are documentation examples showing proper CLI usage. The skill uses legitimate subprocess calls to LibreOffice with hardcoded arguments (scripts/uno_bridge.py:25,100, scripts/impress/snapshot.py:147) for document automation. Dynamic imports are for optional dependencies (content.py:7, core.py:5, slides.py:5, snapshot.py:9). Tempfile usage is properly scoped (snapshot.py:5,73). No evidence of malicious intent or security vulnerabilities.

18 files analyzed
2,434 lines analyzed
10 findings
Audited by: claude

High-risk issues (7)

Misidentified MD5 Pattern in Documentation
The static scanner flagged MD5 as a 'weak cryptographic algorithm' in SKILL.md. Evaluation shows these are NOT cryptographic operations: the 'MD5' strings appear in document filter names (line 14: 'Impress MS PowerPoint 2007 XML') and in example paths and format strings. No actual MD5 hashing is performed.
Dynamic Import Statements
The static scanner flagged dynamic import() calls as a 'script' risk. These are legitimate lazy-loading patterns for optional UNO libraries that may not be importable until the LibreOffice runtime is available.
Subprocess Calls for LibreOffice
The static scanner flagged subprocess calls. These are legitimate invocations of the LibreOffice CLI (soffice) with hardcoded arguments for document automation, with no user-input injection risk.
Shell Backtick Examples in Documentation
The static scanner flagged backticks in SKILL.md as 'Ruby/shell backtick execution'. These are documentation examples showing CLI command syntax, not code executed by the skill.
Sensitive File References
The static scanner flagged certificate/key file references. These are actually file paths to user presentations and media files, not cryptographic keys or certificates.
Temp File Operations
The static scanner flagged temp file creation. These are properly scoped temporary directory operations (the tempfile.TemporaryDirectory context manager) used for slide snapshot export.