xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The script dynamically generates a StarBasic macro file (
Module1.xba) and writes it to the user's application configuration directory at~/.config/libreoffice/4/user/basic/Standard/(on Linux) or~/Library/Application Support/LibreOffice/4/user/basic/Standard/(on macOS). This macro is then invoked at runtime to perform the recalculation. - [Command Execution] (MEDIUM): The
recalcfunction usessubprocess.runto execute thesoffice(LibreOffice) binary. It passes a custom URI (vnd.sun.star.script:Standard.Module1.RecalculateAndSave) to trigger the generated macro, along with the path to the Excel file. While it uses a list for command arguments, executing external binaries with locally generated scripts is a heightened security risk. - [Persistence Mechanisms] (LOW): The macro file written to the LibreOffice configuration directory is persistent. It remains on the system after the script finishes, modifying the behavior of the local LibreOffice installation by adding a 'RecalculateAndSave' subroutine to the 'Standard' library.
- [Unverifiable Dependencies] (SAFE): The script depends on
openpyxl, which is a standard and well-maintained library for Excel file manipulation. No suspicious or unversioned external scripts are downloaded.
Audit Metadata