감사 이력 - docx

감사 버전 4

최신 안전

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61

스캔된 파일

25,568

분석된 줄 수

3

발견 사항

claude

감사자

보안 문제를 찾지 못했습니다

위험 요인

📁 파일 시스템 액세스 (3)

scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30

🌐 네트워크 접근 (2)

LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5

⚡ 스크립트 포함 (2)

ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

감사 버전 3

안전

Jan 17, 2026, 06:51 AM

This is a legitimate document processing skill with no security concerns. All 1146 static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

61

스캔된 파일

25,568

분석된 줄 수

3

발견 사항

claude

감사자

보안 문제를 찾지 못했습니다

위험 요인

📁 파일 시스템 액세스 (3)

scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30

🌐 네트워크 접근 (2)

LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5

⚡ 스크립트 포함 (2)

ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

감사 버전 2

안전

Jan 12, 2026, 04:27 PM

This is a legitimate document processing skill with no security concerns. All static findings are false positives: documentation code blocks (pandoc, soffice commands), OOXML schema namespace URLs, and XML attribute names misidentified as crypto/C2 patterns. The code uses safe XML parsing (defusedxml) to prevent XXE attacks.

59

스캔된 파일

24,761

분석된 줄 수

3

발견 사항

claude

감사자

보안 문제를 찾지 못했습니다

위험 요인

⚡ 스크립트 포함 (2)

ooxml/scripts/pack.py:1-160 ooxml/scripts/validation/base.py:1-100

🌐 네트워크 접근 (2)

LICENSE.txt:8-9 ooxml/schemas/microsoft/wml-2012.xsd:1-5

📁 파일 시스템 액세스 (3)

scripts/utilities.py:37-38 scripts/document.py:36 ooxml/scripts/unpack.py:1-30

감사 버전 1

낮은 위험

Jan 4, 2026, 05:14 PM

This is a legitimate document processing skill with controlled filesystem access and secure XML parsing. Uses defusedxml library to prevent XXE attacks. External commands (soffice, git) are called with hardcoded paths and controlled arguments. Operations are confined to user-specified files within designated workspaces.

23

스캔된 파일

5,590

분석된 줄 수

4

발견 사항

claude

감사자

중간 위험 문제 (1)

ooxml/scripts/pack.py:103-116 ooxml/scripts/validation/redlining.py:153-163

External command execution for validation

The skill executes external commands (soffice and git) via subprocess.run for document validation and diff comparison. While arguments are controlled, external command execution inherently carries risk. An attacker with control over document content could potentially craft input that causes unexpected behavior. Code: pack.py lines 103-116 uses subprocess.run(['soffice', '--headless', '--convert-to', ...]) for validation

위험 요인

📁 파일 시스템 액세스 (4)

scripts/document.py:634-642 scripts/utilities.py:55-74 ooxml/scripts/unpack.py:14-17 ooxml/scripts/pack.py:64-79

⚙️ 외부 명령어 (2)

ooxml/scripts/pack.py:103-116 ooxml/scripts/validation/redlining.py:153-163

⚡ 스크립트 포함 (2)

ooxml/scripts/pack.py:1-160 ooxml/scripts/unpack.py:1-29