Kenya Tax Rates
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: kenya-tax-rates Version: 1.0.1 The skill bundle is classified as suspicious due to the instruction to `npm install kenya-tax-rates` found in `SKILL.md`. While this command is plausibly needed for the stated purpose of calculating tax rates, it represents a significant supply chain risk by instructing the AI agent to execute a shell command to download and install an external, unanalyzed package. This constitutes a 'risky capability' even without clear malicious intent within the skill bundle itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package would trust code from the npm package source, so a user should verify that package before using it in a local project.
The skill directs the user to install an external npm package, and the command does not pin a specific package version. This is consistent with the skill's purpose, but the package code is not included in the reviewed skill artifacts.
Install the npm package: ```bash npm install kenya-tax-rates ```
Check the npm package and linked GitHub repository, consider pinning a known-good version, and use normal dependency review practices before installing.