Low risk (risk score 25/100)
Last scanned: 22 hours ago
vendor-compliance-1099
1099 vendor compliance pipeline for accounting firms — GL extraction, IRS $600 threshold, 1099-NEC/MISC classification, W-9/TIN tracking, penalty calculation, 8-tab Excel output
SKILL.md describes a 1099 compliance pipeline but references a non-existent script file — documentation without implementation code raises concerns about completeness but shows no malicious behavior.
Skill name: vendor-compliance-1099
Analysis time: 25.9s
Engine: pi
OK to install
Verify the script implementation exists before using this skill. Request the actual scripts/pipelines/vendor-compliance-1099.py file to complete security review.

Security findings: 1

Severity: Medium
Security finding: Referenced implementation script does not exist (documentation deception)
Location: SKILL.md:25
SKILL.md declares scripts/pipelines/vendor-compliance-1099.py as the pipeline location, but no scripts directory or Python implementation files exist in the skill package.
scripts/pipelines/vendor-compliance-1099.py
→ Provide the actual implementation script or remove the reference if this is documentation-only.
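| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | | No code to analyze |
| Network access | NONE | NONE | | No code to analyze |
| Command execution | NONE | NONE | | No code to analyze |
| Environment variables | NONE | NONE | | No code to analyze |
| Skill invocation | NONE | NONE | | No code to analyze |
| Clipboard | NONE | NONE | | No code to analyze |
| Browser | NONE | NONE | | No code to analyze |
| Database | NONE | NONE | | No code to analyze |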

Directory structure

1 file · 7.7 KB · 198 lines
Markdown 1f · 198L
└─ 📝 SKILL.md Markdown 198L · 7.7 KB

Security highlights

✓ SKILL.md is well-structured with clear trigger phrases and use-case boundaries
✓ Documentation explicitly excludes high-risk operations (no W-2, no remote execution claims)
✓ No suspicious patterns in documentation (no base64, no external IPs, no credential exfiltration described)
✓ Decimal math usage documented (avoids floating-point vulnerabilities)