Scan Report
5/100
Tax Package Preparation
Year-end tax package preparation pipeline for QBO-connected clients. Generates a 9-tab Excel workbook with tax schedules and IRS form mapping.
Documentation-only skill describing a legitimate tax preparation workflow. SKILL.md references non-existent scripts but contains no malicious code or suspicious behavior.
Can be installed
No immediate action needed. If implementing this skill, ensure scripts are added and validated for any future security review.
Security findings: 1

| Severity | Finding | Location |
|---|---|---|
| Low | Referenced scripts not present in skill (documentation deception) | SKILL.md:59 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | NONE | ✓ Consistent | SKILL.md mentions reading client SOPs but no scripts exist to execute this |
| Network access | READ | NONE | ✓ Consistent | SKILL.md mentions QBO API access but no implementation code exists |
| Command execution | NONE | NONE | — | No shell commands referenced in documentation |
| Environment variables | NONE | NONE | — | No environment variable access described |
| Skill invocation | NONE | NONE | — | No skill chaining described |
| Clipboard | NONE | NONE | — | No clipboard access described |
| Browser | NONE | NONE | — | No browser access described |
| Database | NONE | NONE | — | No database access described |
Directory structure
1 file · 8.0 KB · 197 lines (Markdown: 1 file, 197 lines)
└─ SKILL.md (Markdown)
Security highlights
✓ No malicious code patterns detected (no base64, eval, obfuscation)
✓ No credential harvesting or exfiltration mechanisms described
✓ No suspicious network patterns (no direct IP addresses, no C2 indicators)
✓ No hidden functionality or shadow features in documentation
✓ No sensitive path access patterns (no ~/.ssh, ~/.aws, .env references in implementation)
✓ No supply chain risks (no dependencies declared with vulnerable versions)
✓ Legitimate business use case: tax preparation for QBO-connected clients