Low risk (risk score 20/100)
Last scan: 20 hours ago
format-flow
Multi-format document conversion toolkit supporting Word ↔ PDF ↔ Markdown, web pages, text formatting, Excel to JSON, and image processing
A legitimate document conversion toolkit with minor undocumented behaviors (auto-pip install, LibreOffice subprocess, network requests) that are necessary for core functionality.
Skill name: format-flow
Analysis time: 52.4s
Engine: pi
Verdict: OK to install
Consider adding explicit documentation about subprocess usage for dependency installation and network access for web conversion features. Pin dependency versions for supply chain safety.

Security findings (3)

Severity: Low
Finding: Undeclared network access (category: documentation deception)
Description: The web_to_markdown.py module makes HTTP GET requests to URLs, but SKILL.md does not declare the network:READ capability.
Evidence: response = requests.get(url, headers=headers, timeout=30)
Recommendation: Add network:READ to the allowed-tools mapping in the skill metadata, or document network usage in SKILL.md.
Location: scripts/converters/web_to_markdown.py:89

Severity: Low
Finding: Unversioned dependency installation (category: supply chain)
Description: Dependencies are installed via pip without version pinning, creating supply chain risk.
Evidence: subprocess.check_call([sys.executable, '-m', 'pip', 'install', package])
Recommendation: Use version-pinned requirements or lock files: pip install package==1.2.3
Location: scripts/utils/dependencies.py:57

Severity: Low
Finding: Undeclared subprocess usage (category: code execution)
Description: The LibreOffice 'soffice' command is executed via subprocess for PDF conversion, but this is not declared in the documentation.
Evidence: subprocess.run(cmd, check=True, capture_output=True)
Recommendation: Document the shell:WRITE capability or provide an alternative pure-Python fallback.
Location: scripts/converters/word_to_pdf.py:54
Resource type       | Declared | Inferred | Status       | Evidence
--------------------|----------|----------|--------------|----------------------------------------------------------------
File system         | WRITE    | WRITE    | ✓ Consistent | All converter modules read/write user-specified files
Network access      | NONE     | READ     | ✓ Consistent | web_to_markdown.py:89 requests.get(url)
Command execution   | NONE     | WRITE    | ✓ Consistent | dependencies.py:57 subprocess.check_call; word_to_pdf.py:54 soffice
Environment variables | NONE   | NONE     |              | No os.environ access found
Skill invocation    | NONE     | NONE     |              | No skill self-invocation
Clipboard           | NONE     | NONE     |              | No clipboard access
Browser             | NONE     | NONE     |              | No browser automation
Database            | NONE     | NONE     |              | No database access
External URLs (1 finding)

Severity | Type         | URL                                 | Location
---------|--------------|-------------------------------------|-------------
Medium   | External URL | https://pandoc.org/installing.html  | README.md:39

Directory structure

15 files · 115.6 KB · 3903 lines
Python: 13 files · 3140 lines; Markdown: 2 files · 763 lines
├─ 📁 scripts
│ ├─ 📁 converters
│ │ ├─ 🐍 __init__.py Python 87L · 1.8 KB
│ │ ├─ 🐍 excel_to_json.py Python 318L · 9.5 KB
│ │ ├─ 🐍 image_processor.py Python 417L · 12.5 KB
│ │ ├─ 🐍 markdown_to_word.py Python 182L · 5.4 KB
│ │ ├─ 🐍 pdf_to_markdown.py Python 187L · 5.0 KB
│ │ ├─ 🐍 text_formatter.py Python 406L · 11.1 KB
│ │ ├─ 🐍 web_to_markdown.py Python 385L · 11.6 KB
│ │ ├─ 🐍 word_to_markdown.py Python 273L · 7.8 KB
│ │ └─ 🐍 word_to_pdf.py Python 131L · 3.8 KB
│ ├─ 📁 utils
│ │ ├─ 🐍 __init__.py Python 46L · 1.0 KB
│ │ ├─ 🐍 dependencies.py Python 191L · 5.6 KB
│ │ └─ 🐍 helpers.py Python 110L · 2.7 KB
│ └─ 🐍 convert.py Python 407L · 17.1 KB
├─ 📝 README.md Markdown 337L · 7.7 KB
└─ 📝 SKILL.md Markdown 426L · 13.1 KB

Dependency analysis (7)

Package        | Version | Source | Known vulnerabilities | Notes
---------------|---------|--------|-----------------------|-------------------
python-docx    | *       | pip    |                       | Version not pinned
pdfplumber     | *       | pip    |                       | Version not pinned
Pillow         | *       | pip    |                       | Version not pinned
requests       | *       | pip    |                       | Version not pinned
beautifulsoup4 | *       | pip    |                       | Version not pinned
openpyxl       | *       | pip    |                       | Version not pinned
tqdm           | *       | pip    |                       | Version not pinned

Security highlights

✓ No credential harvesting - no access to API keys, tokens, or passwords
✓ No data exfiltration - no external data transmission
✓ No obfuscation - clean, readable code without base64 or eval
✓ No sensitive path access - no ~/.ssh, ~/.aws, or .env file reading
✓ No persistence mechanisms - no cron jobs or startup hooks
✓ No reverse shell or C2 infrastructure
✓ All file operations are user-controlled (input/output paths specified by user)