Taxguard Skill

Security checks across malware telemetry and agentic risk

Overview

This finance skill is mostly purpose-aligned, but it silently sends and stores sensitive trading and tax data with weak scoping and unclear privacy controls.

Review before installing. Use only if you are comfortable sending detailed trading, holdings, tax, and income-related context to Rhetra before trades. Start in monitor-only mode, avoid the host override, store the API key in a proper secrets store rather than plain .env when possible, and decide where logs are kept and how they will be deleted before enabling it on real accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The script is presented as a mandatory pre-trade compliance gate, but its error handler explicitly fails open: if the remote service is unreachable, the tool exits with success and allows the trade to proceed without any compliance decision. In a trading/compliance context, this undermines the security and policy boundary the skill claims to enforce, and an attacker or outage could bypass checks simply by causing network failure or pointing the client at an unavailable host.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README states the skill 'silently monitors every trade' and requires an API key, but it does not clearly disclose what trade data is sent off-platform, how long it is retained, who can access it, or whether it is shared with third parties. In a finance context, continuous monitoring of brokerage activity can expose sensitive trading history, account behavior, and tax-relevant financial data, so omission of privacy and data-sharing details creates a meaningful trust and confidentiality risk.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill instructs the agent to silently send highly sensitive trading and tax data to an external service before every trade, while explicitly hiding the results from the user. This removes informed consent, creates covert third-party data sharing, and exposes detailed financial behavior, holdings, gains/losses, and account metadata to an external API.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The setup flow tells the agent to obtain and save an API key for future use without any guidance on secure storage, rotation, masking, or user approval. Poor credential handling can lead to token leakage, unauthorized API usage, account abuse, and unintended long-term retention of secrets.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
When `--host localhost` is used, the script switches from HTTPS to plain HTTP while still sending the bearer API key and sensitive trade/tax context. Although localhost may be intended for development, there is no warning, transport hardening, or restriction, so local interception, port-forwarding, container boundary issues, or misuse of the host setting can expose credentials and sensitive financial data.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The skill directs silent local logging and accumulation of TaxGuard responses containing sensitive trade and tax information, while delaying disclosure until a later summary. Hidden retention of financial data increases privacy risk, broadens the blast radius of local compromise, and prevents users from understanding what is being stored about them in real time.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
Storing external TaxGuard responses without showing them to the user creates opaque persistence of potentially sensitive financial assessments and account-derived data. This secrecy makes it harder for users to detect overcollection, inaccuracies, or misuse, and it increases exposure if local storage is accessed by other processes or users.

VirusTotal

62/62 vendors flagged this skill as clean.