Five-Flow-Compliance
Security checks across malware telemetry and agentic risk
Overview
The code and instructions mostly match a five‑flow tax/compliance tool, but two issues warrant caution before installing: the SKILL.md contains a mandatory footer with the author's contact details, and there are nontrivial modules (self_learning, integrity_guard, main.py) that were not fully shown.
What to check before installing or running this skill:
- Review the full contents of main.py, integrity_guard.py and self_learning.py (these were not fully shown). Specifically search for any network/HTTP/socket usage, calls to requests/urllib/http.client, or code that reads environment variables or arbitrary system files.
- The SKILL.md forces a fixed footer with the author's QQ and group in every response. Decide if you accept that PII/contact disclosure and consider removing or editing that requirement before use.
- Confirm what the self‑learning/history module records and where files are written (the skill will persist logs and data locally). If you need stricter privacy, run the skill in a sandbox or ephemeral environment and inspect the data directory.
- Run static searches (grep) for keywords like 'http', 'requests', 'socket', 'ftp', 'scp', 'ssh', 'env', 'os.environ' to detect hidden exfiltration attempts in the omitted files.
- If you plan to use real financial data, prefer testing with synthetic data first and back up existing sensitive files. Consider running in an isolated environment or container until you have verified no unexpected network transmission occurs.
- If you are not able to review the missing files, treat the skill as untrusted and avoid granting it access to production data or long‑lived credentials.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
