Low risk: risk score 20/100
Last scan: 18 hours ago
Word Document Generator
Document automation assistant for creating professional Word .docx files with formatting support
A legitimate Word document generation skill with subprocess usage properly declared for auto-dependency management; no malicious behavior detected.
Skill name: Word Document Generator
Analysis time: 27.5s
Engine: pi
Verdict: can be installed
Consider pinning python-docx version in production use to prevent supply chain risks from unpinned dependencies.

Security findings: 1

Severity | Finding | Location
Low | Unpinned python-docx dependency | Supply chain
  The script uses 'pip install python-docx' without specifying a version. This could lead to unexpected behavior if a breaking change is released.
  Evidence: subprocess.check_call([sys.executable, "-m", "pip", "install", package_name])
  → Pin to a specific version: pip install python-docx==0.8.11
  File: generate-word-doc.py:20
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | WRITE | WRITE | ✓ consistent | create_word_file() writes .docx files to disk
Command execution | WRITE | WRITE | ✓ consistent | subprocess.check_call() for pip install, declared in SKILL.md
Environment variables | NONE | NONE | | No environment variable access
Network access | NONE | READ | ✓ consistent | Implicit network access via pip install (PyPI download)

Directory structure

2 files · 5.8 KB · 168 lines
Python: 1 file · 107 lines; Markdown: 1 file · 61 lines
├─ 🐍 generate-word-doc.py (Python, 107 lines · 3.7 KB)
└─ 📝 skill.md (Markdown, 61 lines · 2.2 KB)

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
python-docx | unpinned | pip | | Installed automatically if missing, version not specified

Security highlights

✓ Code functionality matches SKILL.md documentation exactly
✓ No credential harvesting or sensitive file access
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No hidden instructions or embedded payloads
✓ Uses sys.executable for pip to ensure correct Python environment
✓ Error handling present for file permissions and general exceptions
✓ No external network connections beyond documented dependency installation
✓ No reverse shell, C2, or data exfiltration behavior