← Back to Skills Marketplace
Vendor Compliance 1099
by
samledger67-dotcom
· GitHub ↗
· v1.0.2
· MIT-0
254
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install vendor-compliance-1099
Description
1099 vendor compliance pipeline for accounting firms. Pulls full-year General Ledger from QBO, aggregates vendor payments, applies IRS $600 threshold, classi...
Usage Guidance
This SKILL.md looks like a recipe for a local Python pipeline, but the package is incomplete and raises several red flags you should resolve before using it:
- Missing code and auth: The instructions reference scripts/pipelines/vendor-compliance-1099.py and QBO pulls, but no code or authentication flow is provided. Ask the publisher for the actual code and clear QBO auth instructions (OAuth client, environment variables, or secure token storage). Do not supply QBO credentials until you confirm how they will be used and stored.
- Sensitive persistent data: The skill stores W-9 and TIN data in .cache/*.json. Confirm how those files are protected (encryption at rest, file ACLs, retention policy). If you run this, prefer a sandbox environment and ensure backups/encryption are in place.
- Incomplete security guidance: There is no mention of where API tokens are read from, whether logs contain PII, or whether the Excel output contains masked TINs. Get explicit handling rules for PII and audit logging from the author.
- Don’t run arbitrary commands: Because the code is not bundled, the SKILL.md could be a template for a local script expected to exist in your environment. Only run it after you (or a trusted developer) have inspected the actual script files and confirmed they do what is described.
- If you still want to try it: run in an isolated sandbox with test data (--sandbox or --skip-gl), inspect all generated .cache files and the produced Excel workbook, and verify no credentials are exfiltrated. Prefer least-privilege QBO access (read-only account scoped to the needed company) and rotate any tokens after testing.
If the publisher provides the missing code and clear authentication + PII-handling controls, re-evaluate; as-is the skill is internally inconsistent and potentially risky.
Capability Analysis
Type: OpenClaw Skill
Name: vendor-compliance-1099
Version: 1.0.2
The skill bundle describes a legitimate accounting pipeline for 1099 tax compliance, designed to aggregate vendor payments from QuickBooks Online (QBO) and generate IRS-compliant reports. The documentation in SKILL.md is highly detailed, referencing specific IRS regulations (e.g., IRC §6721, §6045(f)) and providing clear logic for data processing, such as the $600 threshold and payment method filtering. There is no evidence of malicious intent, prompt injection, or unauthorized data exfiltration; the use of local cache files and QBO API access is consistent with the stated financial reporting purpose.
Capability Assessment
Purpose & Capability
The skill claims to pull a full-year General Ledger from QBO and persist W-9/TIN state, yet the registry entry lists no required credentials, no environment variables, and no code files. A pipeline path (scripts/pipelines/vendor-compliance-1099.py) is referenced but absent. Asking to access QBO without declaring how to authenticate is inconsistent with the stated purpose.
Instruction Scope
SKILL.md instructs running a Python script, reading/writing persistent cache files under .cache/vendor-compliance-1099, and classifying transactions by memo/keywords. It therefore expects filesystem access and QBO data access; those actions are not scoped or constrained (no auth flow, no explicit external endpoints), and the skill directs persistence of sensitive PII (TINs) to local JSON caches without guidance on encryption or protection.
Install Mechanism
There is no install spec and no code shipped — this is lower install risk. However, that also means the runtime instructions reference files that are not present, which is an incoherence rather than an install risk.
Credentials
The task requires access to accounting data and vendor TINs but declares no primary credential or required env vars. In practice it will need QBO credentials or API tokens and likely access to local filesystem where caches live. The omission is disproportionate and unexplained. Also persisting TINs/W-9s in plain .cache JSON is a sensitive-data handling concern.
Persistence & Privilege
The skill intends to persist per-client state across runs in .cache/vendor-compliance-1099 (W-9 and TIN JSON files and year snapshots). Persisting PII is expected for a tracker, but there is no instruction about secure storage, encryption, retention, or access controls. always:false (no forced global presence) is appropriate.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vendor-compliance-1099 - After installation, invoke the skill by name or use
/vendor-compliance-1099 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Updated SKILL.md
v1.0.1
Security cleanup: removed internal references, genericized examples
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Vendor Compliance 1099?
1099 vendor compliance pipeline for accounting firms. Pulls full-year General Ledger from QBO, aggregates vendor payments, applies IRS $600 threshold, classi... It is an AI Agent Skill for Claude Code / OpenClaw, with 254 downloads so far.
How do I install Vendor Compliance 1099?
Run "/install vendor-compliance-1099" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vendor Compliance 1099 free?
Yes, Vendor Compliance 1099 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vendor Compliance 1099 support?
Vendor Compliance 1099 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vendor Compliance 1099?
It is built and maintained by samledger67-dotcom (@samledger67-dotcom); the current version is v1.0.2.
More Skills