ClawHub

Tax Planning Framework

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only tax planning guide with no code execution, credential access, persistence, or hidden system behavior.

Install only if you want the agent to provide tax-planning guidance. Verify recommendations, thresholds, deadlines, and savings estimates with a licensed CPA or tax advisor before acting, especially because tax rules and limits change over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage section recommends very broad activation phrases like 'Help me with tax planning' and 'Optimize my business taxes,' which can easily match ordinary user requests unrelated to explicitly invoking this skill. In agent ecosystems that route skills by trigger text, this increases the chance of accidental or silent invocation, causing the tax-planning skill to engage without clear user intent and potentially produce regulated financial guidance in inappropriate contexts.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "Optimize my business taxes" is ambiguous and may match a wide range of legitimate user requests, causing the skill to activate without deliberate selection. In this skill, unintended activation is more concerning because the content contains prescriptive tax minimization strategies and promotional links, so a misfire could steer a conversation toward regulated financial guidance or irrelevant recommendations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "Optimize my business taxes" is ambiguous and may match a wide range of legitimate user requests, causing the skill to activate without deliberate selection. In this skill, unintended activation is more concerning because the content contains prescriptive tax minimization strategies and promotional links, so a misfire could steer a conversation toward regulated financial guidance or irrelevant recommendations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal