Back to skill
Skillv0.1.1
VirusTotal security
TaxClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:24 AM
- Hash
- 4453f10fd3500dbe294ba1845dc3809363020bb13af6b896d987e9c942b54062
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: taxclaw Version: 0.1.1 The OpenClaw skill 'taxclaw' is designed with strong security and privacy considerations. It is local-first by default, processing all tax documents and extracted data on the user's machine. The optional cloud AI mode is explicitly opt-in, requiring user acknowledgment of privacy implications. The code implements robust defenses against prompt injection by instructing the AI model to treat document content as untrusted data and to ignore embedded instructions (src/ai.py, src/extract.py). File uploads are secured with size limits, extension allowlists, and magic-byte sniffing (src/store.py). The web UI includes CSRF protection and enforces loopback host/origin checks (src/main.py). All network and file system access is aligned with the stated purpose of a local tax document extraction tool, and there is no evidence of intentional harmful behavior, unauthorized data exfiltration, or persistence mechanisms.
- External report
- View on VirusTotal