Low Risk — Risk Score 25/100
Last scan: 20 hr ago
vendor-compliance-1099
1099 vendor compliance pipeline for accounting firms — GL extraction, IRS $600 threshold, 1099-NEC/MISC classification, W-9/TIN tracking, penalty calculation, 8-tab Excel output
SKILL.md describes a 1099 compliance pipeline but references a non-existent script file — documentation without implementation code raises concerns about completeness but shows no malicious behavior.
Skill Name: vendor-compliance-1099
Duration: 25.9s
Engine: pi
Safe to install
Verify the script implementation exists before using this skill. Request the actual scripts/pipelines/vendor-compliance-1099.py file to complete security review.

Findings (1 item)

Severity Finding Location
Medium
Referenced implementation script does not exist (Doc Mismatch)
SKILL.md declares scripts/pipelines/vendor-compliance-1099.py as the pipeline location, but no scripts directory or Python implementation files exist in the skill package.
scripts/pipelines/vendor-compliance-1099.py
→ Provide the actual implementation script or remove the reference if this is documentation-only.
SKILL.md:25
Resource Declared Inferred Status Evidence
Filesystem NONE NONE No code to analyze
Network NONE NONE No code to analyze
Shell NONE NONE No code to analyze
Environment NONE NONE No code to analyze
Skill Invoke NONE NONE No code to analyze
Clipboard NONE NONE No code to analyze
Browser NONE NONE No code to analyze
Database NONE NONE No code to analyze

File Tree

1 files · 7.7 KB · 198 lines
Markdown 1f · 198L
└─ 📝 SKILL.md Markdown 198L · 7.7 KB

Security Positives

✓ SKILL.md is well-structured with clear trigger phrases and use-case boundaries
✓ Documentation explicitly excludes high-risk operations (no W-2, no remote execution claims)
✓ No suspicious patterns in documentation (no base64, no external IPs, no credential exfiltration described)
✓ Decimal math usage documented (avoids floating-point vulnerabilities)