Trusted — Risk Score 5/100
Last scan: 21 hr ago
data-viz-suite
Enterprise-grade BI data visualization suite supporting chart generation, interactive dashboards, and report export (PDF/HTML/Excel)
Legitimate data visualization suite with no security concerns—charts, dashboards, and reports are generated entirely with standard open-source plotting libraries and no sensitive operations.
Skill Name: data-viz-suite
Duration: 41.9s
Engine: pi
Safe to install
This skill is safe to use. No action required.

Findings 1 items

Severity: Low
Finding: Undeclared matplotlib style name (Doc Mismatch)
Location: scripts/chart_generator.py:12
chart_generator.py uses matplotlib theme name 'dark_background' which is not listed in SKILL.md's documented theme options ('light', 'dark', 'corporate'). This is a minor documentation gap with zero security impact.
'dark': {'primary': '#2ca02c', 'secondary': '#d62728', 'bg': '#1a1a1a'}
→ Add 'dark_background' to the documented theme list in SKILL.md, or align theme names between chart_engine.py and chart_generator.py.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | All writes are chart/report output files (e.g., save(), write_html(), export()) |
| Network | NONE | READ | ✓ Aligned | dashboard.py:75 loads https://cdn.plot.ly/plotly-latest.min.js for local HTML re… |
| Shell | NONE | NONE | | No subprocess, os.system, popen, or shell invocation found |
| Environment | NONE | NONE | | No os.environ access found |
| Skill Invoke | NONE | NONE | | No skill invocation capability found |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser automation found |
| Database | READ | READ | ✓ Aligned | SQL support mentioned in docs; no actual DB driver in dependencies but connectio… |
1 findings
Medium External URL
https://cdn.plot.ly/plotly-latest.min.js
scripts/dashboard.py:75

File Tree

10 files · 40.5 KB · 1323 lines
Python 7f · 1068L Markdown 2f · 246L Text 1f · 9L
├─ 📁 examples
│ └─ 🐍 basic_usage.py Python 152L · 4.6 KB
├─ 📁 scripts
│ ├─ 🐍 chart_engine.py Python 202L · 7.0 KB
│ ├─ 🐍 chart_generator.py Python 89L · 3.3 KB
│ ├─ 🐍 dashboard.py Python 245L · 7.6 KB
│ └─ 🐍 report_generator.py Python 178L · 5.7 KB
├─ 📁 tests
│ ├─ 🐍 test_chart_engine.py Python 116L · 3.5 KB
│ └─ 🐍 test_chart_generator.py Python 86L · 2.9 KB
├─ 📝 README.md Markdown 122L · 2.8 KB
├─ 📄 requirements.txt Text 9L · 140 B
└─ 📝 SKILL.md Markdown 124L · 3.0 KB

Dependencies 9 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| plotly | >=5.15.0 | pip | No | Version not pinned but major library with active security maintenance |
| matplotlib | >=3.7.0 | pip | No | Version not pinned but standard visualization library |
| seaborn | >=0.12.0 | pip | No | Version not pinned but standard visualization library |
| pandas | >=2.0.0 | pip | No | Version not pinned but standard data library |
| numpy | >=1.24.0 | pip | No | Version not pinned but standard numeric library |
| kaleido | >=0.2.0 | pip | No | Plotly static image export |
| openpyxl | >=3.1.0 | pip | No | Excel export support |
| reportlab | >=3.6.0 | pip | No | PDF generation |
| jupyter | >=1.0.0 | pip | No | Optional development dependency |

Security Positives

✓ No shell execution, subprocess, or command injection vectors
✓ No credential harvesting or environment variable enumeration
✓ No network exfiltration or C2 communication patterns
✓ No obfuscation (base64, eval, atob) or anti-analysis techniques
✓ All network I/O is limited to loading Plotly JS from CDN for local HTML rendering
✓ Dependencies are standard, well-known data viz libraries (plotly, pandas, matplotlib, seaborn)
✓ File I/O is limited to writing user-requested chart/report output files
✓ All functionality described in SKILL.md is actually implemented in code
✓ Includes comprehensive unit tests covering core functionality