Scan Report
20/100
Word Document Generator
Document automation assistant for creating professional Word .docx files with formatting support
A legitimate Word document generation skill with subprocess usage properly declared for auto-dependency management; no malicious behavior detected.
Safe to install
Consider pinning the python-docx version in production use to prevent supply chain risks from unpinned dependencies.
Findings (1 item)
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned python-docx dependency (Supply Chain) | generate-word-doc.py:20 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | create_word_file() writes .docx files to disk |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess.check_call() for pip install, declared in SKILL.md |
| Environment | NONE | NONE | — | No environment variable access |
| Network | NONE | READ | ✓ Aligned | Implicit network access via pip install (PyPI download) |
File Tree
2 files · 5.8 KB · 168 lines
Python 1f · 107L
Markdown 1f · 61L
├─ generate-word-doc.py (Python)
└─ skill.md (Markdown)
Dependencies (1 item)
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| python-docx | unpinned | pip | No | Installed automatically if missing, version not specified |
Security Positives
✓ Code functionality matches SKILL.md documentation exactly
✓ No credential harvesting or sensitive file access
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No hidden instructions or embedded payloads
✓ Uses sys.executable for pip to ensure correct Python environment
✓ Error handling present for file permissions and general exceptions
✓ No external network connections beyond documented dependency installation
✓ No reverse shell, C2, or data exfiltration behavior