Scan Report
20/100
Payroll GL Reconciliation
Reconcile QuickBooks Online payroll GL accounts against payroll provider reports (Gusto, ADP, Paychex) across 12 categories
Documentation-only skill describing a payroll reconciliation pipeline; no executable code present to analyze, with a minor doc mismatch where referenced script paths do not exist.
Safe to install
This skill contains only documentation with no actual implementation. Before deploying, ensure the referenced script scripts/pipelines/payroll-reconciliation.py is provided. Review the script for any shell, network, or credential access patterns before use.
Security findings: 2
| Severity | Finding | Location |
|---|---|---|
| Low | Referenced script does not exist (documentation deception) | SKILL.md:35 |
| Low | Dependencies declared but unverifiable (documentation deception) | SKILL.md:175 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | NONE | ✓ Consistent | SKILL.md mentions reading payroll CSV files but no script exists to verify |
| Network access | READ | NONE | ✓ Consistent | SKILL.md mentions QBO API integration but no script exists to verify |
| Command execution | NONE | NONE | — | No shell usage documented or present |
Directory structure
1 file · 9.8 KB · 308 lines (Markdown: 1 file, 308 lines)
└─ SKILL.md (Markdown)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| openpyxl | * | pip | No | Listed in SKILL.md but no script exists to verify usage; version not pinned |
Security highlights
✓ Skill provides clear negative boundaries to prevent misuse
✓ No obfuscated code, base64, or suspicious patterns found
✓ No credential harvesting mechanisms documented or present
✓ Legitimate accounting use case with proper financial controls (Decimal math)
✓ CDC cache is file-based with no network exfiltration
✓ Clear documentation of 12 reconciliation categories and 8-tab Excel output