ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tax Professional

v1.0.1

Comprehensive US tax advisor, deduction optimizer, and expense tracker. Covers all employment types (W-2, 1099, S-Corp, mixed), estimated tax payments, audit risk assessment, life event triggers, multi-state filing, RV-as-home rules, tax bracket optimization, document retention, and proactive year-round tax calendar nudges. Your CPA in the pocket.

4· 3k·8 current·8 all-time
by@scottfo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (US tax advisor, expense tracker, deduction optimizer) align with the instructions: reading USER.md, categorizing expenses, generating summaries, calculating estimated payments, and writing a per-year JSON expense file. The skill does not request unrelated credentials or binaries, which is appropriate.
Instruction Scope
SKILL.md explicitly instructs the agent to read USER.md and to read/write data/tax-professional/YYYY-expenses.json (expected for an expense tracker). However, some directives are vague: 'send proactive reminders' and 'Integration — Connect with mechanic, card-optimizer, and other skills' are unspecified — it's unclear which mechanisms or external endpoints (email, calendar, other skills) will be used. The skill also asks the agent to assess audit risk and provide strategic advice (normal) but gives no limitations on what user files may be read beyond USER.md. This grants the agent some operational discretion the user should understand.
Install Mechanism
Instruction-only skill with no install spec, no code files to execute, and no downloaded components — lowest install risk.
Credentials
No environment variables, credentials, or external config paths are requested. The lack of requested secrets is proportional to the stated functionality.
Persistence & Privilege
The skill persistently writes user financial data to workspace path data/tax-professional/YYYY-expenses.json. It does not request always:true or system-level privileges, but persistent storage of sensitive tax/financial/PII in plaintext files is a privacy and data-retention concern the user should consider (no guidance on encryption, access controls, or retention/cleanup).
Assessment
This skill appears to do what it says — read USER.md, advise, and store expense data in a per-year JSON file in your workspace — and it does not request external credentials or install anything. Before installing/use, consider: (1) Workspace privacy: the skill will store potentially sensitive financial and personal data in data/tax-professional/YYYY-expenses.json in plain JSON — ensure your workspace is private/backed up/encrypted or plan to delete/secure these files. (2) Notifications & integrations: ask how 'proactive reminders' are delivered and whether the skill will call other skills or external services (that could transmit your data). (3) Verification: treat tax advice as guidance, not a substitute for a licensed CPA for complex situations. (4) Retention policy: confirm whether and how long data is kept, and whether you can export/delete records. If you need stricter privacy, require the skill to encrypt stored files or avoid storing persistent records in the workspace.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ccbjkhw56j0vhn5vnx5cxax7zzynf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧾 Clawdis

Comments