admissions-cv-writing Security Report — Trusted | ClawSafe

5 /100

admissions-cv-writing

Writes study abroad admissions CVs and resumes with PDF export capability

This is a legitimate CV writing skill with standard PDF export functionality. All operations are declared, documented, and necessary for the stated purpose.

Skill Nameadmissions-cv-writing

Duration36.4s

Enginepi

✓

Safe to install

No action required. The skill is safe to use.

Findings 2 items

Severity	Finding	Location
Low	Subprocess usage for dependency management run.py uses subprocess.check_call for pip install and venv.create(). This is documented in SKILL.md and is standard practice for Python dependency isolation. `subprocess.check_call([str(VENV_PYTHON), '-m', 'pip', 'install', ...])` → Already documented. No action needed.	`scripts/export-pdf/run.py:35`
Low	Version unpinned dependencies requirements.txt specifies 'weasyprint' and 'markdown' without version pins. While not ideal for reproducibility, this is a minor concern. `weasyprint markdown` → Consider pinning versions for reproducibility, e.g., 'weasyprint>=60.0'	`scripts/export-pdf/requirements.txt:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md declares read access for reference files; export_pdf.py reads .md files
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md: 'python3 scripts/export-pdf/run.py'; run.py uses venv.create() and pip…
Network	`NONE`	`NONE`	—	No network calls detected; pip install is local venv only
Environment	`NONE`	`NONE`	—	No environment variable access
Database	`NONE`	`NONE`	—	No database access

File Tree

11 files · 38.9 KB · 1206 lines

Markdown 7f · 594L Python 2f · 350L CSS 1f · 260L Text 1f · 2L

├─ ▾ 📁 references

│ ├─ 📝 bullet-expansion-guide.md Markdown 30L · 1.7 KB

│ ├─ 📝 cv-format-example.md Markdown 155L · 5.7 KB

│ ├─ 📝 info-requirements.md Markdown 55L · 3.1 KB

│ ├─ 📝 quality-checklist.md Markdown 40L · 1.5 KB

│ └─ 📝 writing-instructions.md Markdown 178L · 4.7 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 export-pdf

│ │ ├─ ▾ 📁 css

│ │ │ └─ 📄 offerclaw.css CSS 260L · 3.7 KB

│ │ ├─ 🐍 export_pdf.py Python 294L · 8.5 KB

│ │ ├─ 📄 requirements.txt Text 2L · 20 B

│ │ └─ 🐍 run.py Python 56L · 1.3 KB

│ └─ 📝 README.md Markdown 27L · 1.3 KB

└─ 📝 SKILL.md Markdown 109L · 7.5 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`weasyprint`	`*`	pip	No	Version not pinned; legitimate PDF generation library
`markdown`	`*`	pip	No	Version not pinned; standard Markdown processor

Security Positives

✓ All functionality is fully documented in SKILL.md

✓ No credential harvesting or sensitive path access

✓ No base64-encoded commands or obfuscated code

✓ No network exfiltration or C2 indicators

✓ PDF export uses WeasyPrint, a well-established legitimate library

✓ Dependencies are isolated in a venv, protecting global environment

✓ Font loading uses safe local file URI patterns (as_uri())

✓ No eval() or dynamic code execution

✓ CSS uses standard templating with no hidden functionality

Scan Report

Findings 2 items

File Tree

Dependencies 2 items

Security Positives