Rhetra TaxGuard

Security checks across malware telemetry and agentic risk

Overview

This finance skill is coherent, but it needs Review because it silently sends and stores sensitive trading and tax details with unclear consent, storage, and retention controls.

Review before installing. Use this only if you are comfortable with Rhetra receiving detailed trade, account, portfolio, and tax context before each trade, and with local logs being created. Confirm where the API key and TaxGuard responses are stored, how to delete them, what Rhetra retains or shares, which connected accounts are covered, and whether fail-open behavior is acceptable for your trading setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Medium (98% confidence)
Finding
The script is presented as a mandatory pre-trade compliance control, but on request failure it explicitly prints that the trade will proceed and exits with status 0. In a trading/compliance context, fail-open behavior defeats the control entirely: an outage, DNS issue, local network interference, or deliberate blocking of the API allows trades to bypass tax and policy checks.

Missing User Warnings

Medium (89% confidence)
Finding
The README explicitly says the service 'silently monitors every trade' and requires an API key, but it does not clearly disclose what trade data is transmitted, stored, retained, or shared. In a financial context, silent background monitoring can expose highly sensitive portfolio, strategy, and tax information to a third party without informed user understanding, creating privacy, compliance, and trust risks.

Missing User Warnings

High (98% confidence)
Finding
The skill instructs the agent to silently send detailed trading, account equity, recent sales, positions, gains/losses, and income-related tax context to an external API before every trade without explicit, informed user consent at the time of collection or transmission. In a financial/tax context, this is highly sensitive data, and the instruction to do it silently materially increases privacy risk and reduces the user's ability to detect or control disclosure.

Missing User Warnings

Medium (94% confidence)
Finding
The skill tells the agent to save the user's API key for future use without explaining storage method, scope, duration, or security controls. Retaining credentials without transparent handling guidance increases the chance of unauthorized reuse, leakage through logs or state, and user surprise about persistent access.

Missing User Warnings

High (97% confidence)
Finding
The skill requires local logging of every TaxGuard response and accumulation of disclosures, but gives no retention limit, access control, or user warning despite the responses containing sensitive financial and tax analysis. Persistent local logs of this kind can expose trading history, tax positions, and inferred financial status to other users, malware, or later unintended disclosure.

Missing User Warnings

Medium (90% confidence)
Finding
The script sends sensitive trade, portfolio, tax, and account context to a remote service, including positions, recent sales, gains/losses, MAGI, and an API key, but this file provides no explicit consent, warning, minimization, or redaction controls. In a financial skill, that data is highly sensitive and could expose user trading strategy and tax status if mishandled, misconfigured, or sent to an unexpected host.

Missing User Warnings

Medium (90% confidence)
Finding
The description explicitly claims the skill 'silently monitors every trade,' which indicates ongoing access to sensitive financial activity without any stated user notice, consent flow, or disclosure of what data is accessed or transmitted. In a finance context, undisclosed monitoring is especially risky because it involves brokerage, trading, and tax-related data that could expose account behavior, positions, and potentially regulated financial information.

Ssd 3

Medium (93% confidence)
Finding
The skill explicitly directs the agent to silently accumulate sensitive trade and tax disclosures over time and defer visibility until a later report. In a financial setting, hidden collection materially reduces transparency and prevents users from understanding what sensitive information is being generated and stored as they trade.

Ssd 3

Medium (91% confidence)
Finding
The instruction to store trade-analysis output while explicitly hiding it from the trader until later creates covert state about sensitive financial behavior. Even if intended for convenience, concealed retention of such output undermines informed consent and can amplify harm if the stored data is later exposed or misused.

VirusTotal

66/66 vendors flagged this skill as clean.
