US Tax Return Review-1040
v1.0.0Review U.S. individual income tax returns (Form 1040/1040-SR) for the most recent tax year, compare major return items against current-year tax rules, check...
⭐ 1· 187·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (1040 review, multi-year consistency, DOCX risk report, audit-likelihood) align with the provided files: a Python script that performs checks and generates JSON/markdown/DOCX and law/reference JSON. Required libraries (python-docx) are appropriate for DOCX output. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included script against normalized input and the provided law JSON. The instructions reference only local files (input schema, law file, example returns) and producing local artifacts. There are no instructions to read unrelated system files or to transmit data externally in the SKILL.md. (Recommendation: review the full Python script for any hidden network/subprocess calls; the visible portion shows typical local-processing logic.)
Install Mechanism
There is no install spec — this is instruction+script only. The only runtime dependency called out is python-docx, which is a standard PyPI package and the README suggests installing via pip. No downloads from arbitrary URLs or archive extraction are present in the manifest or SKILL.md.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it is explicitly designed to process sensitive tax and PII data from returns. That makes safe handling a key concern even though no secrets are requested: the skill will read input files that may contain SSNs, financial data, etc., so processing should be done locally and securely.
Persistence & Privilege
No always:true flag, no install-time persistence, and no declared modifications to other skills or system-wide settings. The skill appears user-invocable only and does not request elevated/ongoing privileges.
Assessment
This skill appears to do what it says: analyze normalized Form 1040 data, compare to the included law file, and produce JSON/MD/DOCX reports. Before installing or running it: (1) inspect the complete scripts/review_1040.py for any network, subprocess, or file-access code you didn't expect (requests, urllib, socket, subprocess, os.exec, or writes outside the output directory); (2) run it on copies of data in an isolated environment because tax returns contain PII; (3) install python-docx from the official PyPI index (pip install --user python-docx) if you need DOCX output; (4) verify and, if necessary, update references/current_tax_law_2025.json to current authoritative IRS/SSA sources before making decisions; and (5) treat findings as advisory and have a licensed tax professional (CPA/EA) review any action items. If you want higher confidence, paste the rest of scripts/review_1040.py here (the file was truncated in the review) so I can check for hidden network or exfiltration behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk973jrg0hnv75a68sptgey8fnn82v8vh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.