Compétences docx Historique des audits
📄

Historique des audits

docx - 4 audits

Version de l’audit 4

Dernier Sûr

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61
Fichiers analysés
25,568
Lignes analysées
3
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Facteurs de risque

📁 Accès au système de fichiers (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30
🌐 Accès réseau (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
⚡ Contient des scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

Version de l’audit 3

Sûr

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61
Fichiers analysés
25,568
Lignes analysées
3
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Facteurs de risque

📁 Accès au système de fichiers (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30
🌐 Accès réseau (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
⚡ Contient des scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

Version de l’audit 2

Sûr

Jan 12, 2026, 04:27 PM

This is a legitimate document processing skill with no security concerns. All static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

59
Fichiers analysés
24,761
Lignes analysées
3
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Facteurs de risque

⚡ Contient des scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100
🌐 Accès réseau (2)
LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5
📁 Accès au système de fichiers (3)
scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30

Version de l’audit 1

Risque faible

Jan 4, 2026, 05:14 PM

This is a legitimate document processing skill with controlled filesystem access and secure XML parsing. Uses defusedxml library to prevent XXE attacks. External commands (soffice, git) are called with hardcoded paths and controlled arguments. Operations are confined to user-specified files within designated workspaces.

23
Fichiers analysés
5,590
Lignes analysées
4
résultats
claude
Audité par
Problèmes à risque moyen (1)
ooxml/scripts/pack.py:103-116ooxml/scripts/validation/redlining.py:153-163
External command execution for validation
The skill executes external commands (soffice and git) via subprocess.run for document validation and diff comparison. While arguments are controlled, external command execution inherently carries risk. An attacker with control over document content could potentially craft input that causes unexpected behavior. Code: pack.py lines 103-116 uses subprocess.run(['soffice', '--headless', '--convert-to', ...]) for validation

Facteurs de risque

📁 Accès au système de fichiers (4)
scripts/document.py:634-642 scripts/utilities.py:55-74 ooxml/scripts/unpack.py:14-17 ooxml/scripts/pack.py:64-79
⚙️ Commandes externes (2)
ooxml/scripts/pack.py:103-116 ooxml/scripts/validation/redlining.py:153-163
⚡ Contient des scripts (2)
ooxml/scripts/pack.py:1-160 ooxml/scripts/unpack.py:1-29
← Retour au skill