Scan Report
5 /100
Tax Package Preparation
Year-end tax package preparation pipeline for QBO-connected clients. Generates a 9-tab Excel workbook with tax schedules and IRS form mapping.
Documentation-only skill describing a legitimate tax preparation workflow. SKILL.md references non-existent scripts but contains no malicious code or suspicious behavior.
Safe to install
No immediate action needed. If implementing this skill, ensure scripts are added and validated for any future security review.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Referenced scripts not present in skill Doc Mismatch | SKILL.md:59 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | NONE | ✓ Aligned | SKILL.md mentions reading client SOPs but no scripts exist to execute this |
| Network | READ | NONE | ✓ Aligned | SKILL.md mentions QBO API access but no implementation code exists |
| Shell | NONE | NONE | — | No shell commands referenced in documentation |
| Environment | NONE | NONE | — | No environment variable access described |
| Skill Invoke | NONE | NONE | — | No skill chaining described |
| Clipboard | NONE | NONE | — | No clipboard access described |
| Browser | NONE | NONE | — | No browser access described |
| Database | NONE | NONE | — | No database access described |
File Tree
1 files · 8.0 KB · 197 lines Markdown 1f · 197L
└─
SKILL.md
Markdown
Security Positives
✓ No malicious code patterns detected (no base64, eval, obfuscation)
✓ No credential harvesting or exfiltration mechanisms described
✓ No suspicious network patterns (no direct IP addresses, no C2 indicators)
✓ No hidden functionality or shadow features in documentation
✓ No sensitive path access patterns (no ~/.ssh, ~/.aws, .env references in implementation)
✓ No supply chain risks (no dependencies declared with vulnerable versions)
✓ Legitimate business use case: tax preparation for QBO-connected clients