month-end-close 安全扫描报告 — 可信 | ClawSafe

10 /100

month-end-close

Orchestrate and validate the full month-end close for a QBO client

Documentation-only skill with no implementation code present; all described functionality references a non-existent script.

技能名称month-end-close

分析耗时28.6s

引擎pi

✓

可以安装

This skill requires actual implementation files (scripts/pipelines/month-end-close.py) before it can be functional. Add allowed-tools declaration and dependencies file (requirements.txt) for complete documentation.

安全发现 2 项

严重性	安全发现	位置
低危	Referenced script does not exist 文档欺骗 SKILL.md declares script location as scripts/pipelines/month-end-close.py but this file does not exist in the repository `scripts/pipelines/month-end-close.py` → Add the implementation script or update SKILL.md to remove this reference	`SKILL.md:21`
低危	Missing allowed-tools declaration 文档欺骗 Skill metadata lacks allowed-tools declaration which is required for proper capability mapping `No allowed-tools in frontmatter` → Add allowed-tools declaration to frontmatter (e.g., allowed-tools: Read, Bash)	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`UNKNOWN`	`NONE`	✓ 一致	No code present to infer
网络访问	`UNKNOWN`	`NONE`	✓ 一致	No code present to infer
命令执行	`UNKNOWN`	`NONE`	✓ 一致	No code present to infer
环境变量	`UNKNOWN`	`NONE`	✓ 一致	No code present to infer

目录结构

1 文件 · 8.1 KB · 225 行

Markdown 1f · 225L

└─ 📝 SKILL.md Markdown 225L · 8.1 KB

安全亮点

✓ No malicious code present - only documentation exists

✓ No credential theft mechanisms detected

✓ No data exfiltration endpoints observed

✓ No obfuscation or base64-encoded payloads

✓ No suspicious network communications

✓ Documentation describes legitimate financial operations with clear scope