TaxClaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
TaxClaw is mostly a coherent local tax-document extractor, but its optional cloud mode can send full rendered tax pages to Anthropic while the privacy and consent descriptions do not fully match the code.
Install only if you are comfortable storing tax documents locally under ~/.local/share/taxclaw. Prefer local/Ollama mode for privacy, and do not enable cloud mode or provide an Anthropic API key unless you accept that rendered tax-page images may be sent to Anthropic. Review the configuration carefully, and note that the supplied setup references a missing config.yaml.example file.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If cloud mode is enabled, full visible tax-page content—including SSNs, TINs, income, and account details—may be sent to Anthropic, not just kept locally.
In cloud mode, the skill sends rendered document image bytes to Anthropic. The visible cloud branch checks for an API key, but does not check cfg.privacy_acknowledged before transmitting sensitive tax-page images.
```python
if cfg.model_backend == "cloud":
    ...
    client = Anthropic(api_key=cfg.cloud_api_key)
    ...
    "type": "image", "source": {"type": "base64", "media_type": "image/png", "data": _b64_png(image_bytes)}
```
Use local mode unless you explicitly want cloud processing. The publisher should enforce privacy acknowledgement in every cloud call path and clearly state that rendered document images are sent.
A user may underestimate the sensitivity and amount of data shared with the cloud AI provider.
This privacy description is narrower than the cloud code path in src/ai.py, which attaches base64 PNG page images. Users may believe only text excerpts leave the device when rendered document pages can be transmitted.
What leaves your device when Cloud Mode is enabled:
- Excerpts of text extracted from your tax documents (field names and values)
- Sent to: Anthropic, Inc.
Update the privacy notice and UI to accurately disclose the exact cloud payload, and require a clear opt-in before any document image or extracted content is sent externally.
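The gate the two findings above call for, as an added example rather than TaxClaw's own src/ai.py: every cloud call refuses unless cfg.privacy_acknowledged is set, and the disclosure text is derived from the payload that is actually built, so the notice cannot describe less than the code sends. The attribute names cfg.model_backend, cfg.cloud_api_key, cfg.privacy_acknowledged and _b64_png follow the audit's excerpt; Config, CloudConsentError, build_cloud_message, describe_cloud_payload and the stand-in PNG bytes are assumptions.

```python
"""Consent-gated cloud payload builder with a payload-derived disclosure.

Added illustration, not TaxClaw's code. Config, CloudConsentError,
build_cloud_message and describe_cloud_payload are hypothetical names; the
cfg.* attributes and _b64_png follow the audit's excerpt of src/ai.py.
"""
import base64
from dataclasses import dataclass
from typing import List


class CloudConsentError(PermissionError):
    """Raised when a cloud call is attempted without an explicit opt-in."""


@dataclass
class Config:
    model_backend: str = "local"         # "local" (Ollama) or "cloud"
    cloud_api_key: str = ""
    privacy_acknowledged: bool = False   # must be set by the user, never defaulted on


def _b64_png(image_bytes: bytes) -> str:
    return base64.b64encode(image_bytes).decode("ascii")


def build_cloud_message(cfg: Config, image_bytes: bytes, prompt: str) -> dict:
    """Build the message body for one rendered tax page.

    The audited excerpt checks only for an API key, so a configured key
    bypasses consent. Here the key check and the acknowledgement check are
    both required, and the function refuses rather than silently sending.
    """
    if cfg.model_backend != "cloud":
        raise CloudConsentError("cloud backend not selected")
    if not cfg.cloud_api_key:
        raise CloudConsentError("no Anthropic API key configured")
    if not cfg.privacy_acknowledged:
        raise CloudConsentError(
            "privacy_acknowledged is false: a full rendered page image would "
            "be sent to Anthropic; refusing"
        )
    return {
        "role": "user",
        "content": [
            {
                "type": "image",
                "source": {
                    "type": "base64",
                    "media_type": "image/png",
                    "data": _b64_png(image_bytes),
                },
            },
            {"type": "text", "text": prompt},
        ],
    }


def describe_cloud_payload(message: dict) -> List[str]:
    """Disclosure lines generated from the payload itself, so the privacy
    notice shown to the user matches what the code path transmits."""
    lines = []
    for block in message["content"]:
        if block["type"] == "image":
            src = block["source"]
            size = len(base64.b64decode(src["data"]))
            lines.append(f"full rendered page image ({src['media_type']}, {size} bytes)")
        elif block["type"] == "text":
            lines.append(f"prompt text ({len(block['text'])} chars)")
    return lines


if __name__ == "__main__":
    # Constructed stand-in for a rendered page; not a real document.
    page = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
    cfg = Config(model_backend="cloud", cloud_api_key="sk-ant-example")
    try:
        build_cloud_message(cfg, page, "Extract the fields on this page")
    except CloudConsentError as e:
        print("blocked:", e)
    cfg.privacy_acknowledged = True
    for line in describe_cloud_payload(build_cloud_message(cfg, page, "Extract the fields on this page")):
        print("would send:", line)
```

The disclosure list is what the UI should render before the opt-in is recorded; because it is computed from the same message object that goes on the wire, adding a new content block to the payload automatically changes the notice.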
Anyone with access to the local user account or backups of this directory could access stored tax documents and extracted fields.
The skill persistently stores uploaded tax documents and extracted data locally. This is expected for review/export, but the stored data is highly sensitive.
- Data dir: `~/.local/share/taxclaw/`
- SQLite DB: `tax.db`
- Stored uploads: `uploads/`
Store the data directory on an encrypted disk, delete documents when no longer needed, and avoid syncing this directory to cloud backup services unless intended.
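A local check that puts the recommendation above into practice: confirm nothing under the data directory is readable by other local accounts, tighten it to owner-only, and delete uploads past a retention period. This is an added example, not a TaxClaw feature; it uses the paths the audit lists (~/.local/share/taxclaw, tax.db, uploads/), while audit_data_dir, harden_data_dir, purge_old_uploads, the 365-day retention and the stand-in files built by run_demo are assumptions. Permissions do not help against backups or an unencrypted disk, which is why the encryption advice still stands.

```python
"""Data-directory hygiene for a local tax-document store.

Added illustration, not TaxClaw's code. Paths follow the audit; the function
names, the retention period and the constructed demo tree are hypothetical.
"""
import os
import stat
import tempfile
import time
from pathlib import Path
from typing import List, Optional

DATA_DIR = Path.home() / ".local" / "share" / "taxclaw"   # location named in the audit


def _tree(data_dir: Path) -> List[Path]:
    # Materialise the walk before changing modes so chmod cannot affect it.
    return [data_dir, *data_dir.rglob("*")]


def audit_data_dir(data_dir: Path) -> List[str]:
    """List every path in the tree that group or other can access."""
    if not data_dir.exists():
        return [f"{data_dir} does not exist"]
    problems = []
    for path in _tree(data_dir):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:
            problems.append(f"{path} is group/other accessible (mode {mode:04o})")
    return problems


def harden_data_dir(data_dir: Path) -> None:
    """Owner-only permissions: 0700 for directories, 0600 for files.
    Limits other local accounts only; backups and disk encryption are separate."""
    for path in _tree(data_dir):
        path.chmod(0o700 if path.is_dir() else 0o600)


def purge_old_uploads(data_dir: Path, max_age_days: int,
                      now: Optional[float] = None) -> List[Path]:
    """Delete files in uploads/ not modified within max_age_days; return them.
    Rows in tax.db are left alone because the audit does not show its schema."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    uploads = data_dir / "uploads"
    removed = []
    if uploads.is_dir():
        for f in sorted(uploads.iterdir()):
            if f.is_file() and f.stat().st_mtime < cutoff:
                f.unlink()
                removed.append(f)
    return removed


def run_demo() -> dict:
    """Exercise the checks on a constructed stand-in tree (no real tax data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "taxclaw"
        uploads = root / "uploads"
        uploads.mkdir(parents=True)
        db = root / "tax.db"
        db.write_bytes(b"constructed stand-in for tax.db")
        old, recent = uploads / "w2_2019.pdf", uploads / "w2_2025.pdf"
        for f in (old, recent):
            f.write_bytes(b"%PDF-1.4 constructed stand-in")
        now = time.time()
        os.utime(old, (now - 400 * 86400,) * 2)   # make one upload 400 days old
        for p in (root, uploads):
            p.chmod(0o755)                          # what a default umask 022 produces
        for p in (db, old, recent):
            p.chmod(0o644)
        before = audit_data_dir(root)
        harden_data_dir(root)
        after = audit_data_dir(root)
        removed = purge_old_uploads(root, max_age_days=365, now=now)
        return {
            "problems_before": len(before),
            "problems_after": len(after),
            "removed": [p.name for p in removed],
        }


if __name__ == "__main__":
    print(run_demo())   # on a real install: audit_data_dir(DATA_DIR)
```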
If you configure cloud mode, the skill can use your Anthropic account/API quota to process documents.
Optional cloud mode uses an Anthropic API key from config or the environment. This is expected for Anthropic integration, and the supplied artifacts do not show hardcoded keys or credential logging.
```python
if not cfg.cloud_api_key:
    cfg.cloud_api_key = os.environ.get("ANTHROPIC_API_KEY", "")
```
Only set ANTHROPIC_API_KEY or cloud_api_key if you intend to use Anthropic processing, and use a key with appropriate account controls.
Setup may fail or users may need to inspect/fix configuration manually before the skill works.
The user-directed setup installs Python dependencies and copies a config example, but the supplied manifest does not include config.yaml.example. This is a packaging/coherence gap rather than evidence of malicious behavior.
```shell
"$VENV_DIR/bin/pip" install -r "$SKILL_DIR/requirements.txt"
...
cp "$SKILL_DIR/config.yaml.example" "$CONFIG_PATH"
```
Verify the package contents before installing, and the publisher should include the referenced config example and declare setup requirements in metadata.
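One way to do the "verify the package contents" step before running the installer, as an added example that is not part of TaxClaw or ClawScan: pull every `$SKILL_DIR/...` reference out of the setup script and refuse to proceed if the package manifest lacks any of them. SAMPLE_SETUP_SH reproduces the two installer lines quoted above and SAMPLE_MANIFEST is a constructed file list matching the audit's description (no config.yaml.example); referenced_paths, check_install_refs and the regex are assumptions.

```python
"""Pre-install check for files an installer expects under $SKILL_DIR.

Added illustration, not TaxClaw's code. The sample script and manifest are
constructed from the audit's description; the function names are hypothetical.
"""
import re
from typing import List, Set

# Constructed sample reproducing the installer lines quoted in the audit.
SAMPLE_SETUP_SH = r'''
"$VENV_DIR/bin/pip" install -r "$SKILL_DIR/requirements.txt"
cp "$SKILL_DIR/config.yaml.example" "$CONFIG_PATH"
'''

# Constructed manifest: the files the audit describes as supplied.
SAMPLE_MANIFEST = {"SKILL.md", "setup.sh", "requirements.txt", "src/ai.py"}

# Matches $SKILL_DIR/<relative path> and ${SKILL_DIR}/<relative path>.
_SKILL_REF = re.compile(r'\$\{?SKILL_DIR\}?/([A-Za-z0-9._/-]+)')


def referenced_paths(script: str) -> List[str]:
    """Relative paths the script expects under $SKILL_DIR, deduplicated."""
    return sorted(set(_SKILL_REF.findall(script)))


def check_install_refs(script: str, package_files: Set[str]) -> List[str]:
    """Return referenced paths missing from the package. An empty result
    only means the script can find every file it names, not that it is safe."""
    return [p for p in referenced_paths(script) if p not in package_files]


if __name__ == "__main__":
    missing = check_install_refs(SAMPLE_SETUP_SH, SAMPLE_MANIFEST)
    if missing:
        raise SystemExit(f"refusing to install: setup references missing files {missing}")
    print("all installer references present")
```

On a real package, read setup.sh from disk and build the manifest set from the archive listing (for example the relative paths of every file under the extracted skill directory) before running the installer.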
