Fix capitalization issues and handle cases where the answer is "none".

backend/app/api/v1/endpoints/agent_tasks.py

@@ -1352,7 +1352,17 @@ async def _save_findings(
 
 
 def _calculate_security_score(findings: List[Dict]) -> float:
-    """计算安全评分"""
+    """计算安全评分
+    
+    评分逻辑：从 100 分开始，根据漏洞严重程度扣分
+    - Critical: -25分
+    - High: -15分
+    - Medium: -8分
+    - Low: -3分
+    - Info: -1分
+    
+    🔥 FIX: 确保 severity 转换为小写后再匹配 deductions 字典
+    """
     if not findings:
         return 100.0
 
@@ -1368,8 +1378,11 @@ def _calculate_security_score(findings: List[Dict]) -> float:
     total_deduction = 0
     for f in findings:
         if isinstance(f, dict):
-            sev = f.get("severity", "low")
-            total_deduction += deductions.get(sev, 3)
+            # 🔥 FIX: 将 severity 转换为小写，确保能正确匹配 deductions 字典
+            raw_sev = f.get("severity") or f.get("risk") or "low"
+            sev = str(raw_sev).lower().strip()
+            deduction = deductions.get(sev, 3)  # 默认使用 low 的扣分
+            total_deduction += deduction
 
     score = max(0, 100 - total_deduction)
     return float(score)

backend/app/services/agent/agents/orchestrator.py

@@ -913,6 +913,11 @@ Action Input: {{"参数": "值"}}
                         # Normalize the finding first
                         normalized_new = self._normalize_finding(new_f)
                         
+                        # 🔥 FIX: Skip if normalization returned None (e.g., file path validation failed)
+                        if normalized_new is None:
+                            logger.debug(f"[Orchestrator] Skipping invalid finding: {new_f.get('title', 'N/A')[:50]}")
+                            continue
+
                         # Create fingerprint for deduplication (file + description similarity)
                         new_file = normalized_new.get("file_path", "").lower().strip()
                         new_desc = (normalized_new.get("description", "") or "").lower()[:100]