Oathe Security Badge

Is SpillwaveSolutions/plantuml safe?

https://github.com/SpillwaveSolutions/plantuml

87
SAFE

This PlantUML skill appears legitimate and safe, providing comprehensive diagram generation and conversion capabilities. The main security concern is the presence of executable Python scripts, though these appear to be genuine utilities for PlantUML processing rather than malicious code.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (1)

MEDIUM Executable Python Scripts Present -30

The skill contains 5 Python scripts (process_markdown_puml.py, extract_and_convert_puml.py, check_setup.py, convert_puml.py, resilient_processor.py) that could execute arbitrary code. While these appear to be legitimate PlantUML processing utilities matching the skill's stated purpose, executable code always represents a potential security risk.