Ziptax Sales Tax

Security checks across malware telemetry and agentic risk

Overview

This sales-tax lookup skill is legitimate in purpose, but its bundled lookup script can run local code from a specially crafted address, so it needs review before use.

Install only if you are comfortable sending lookup locations to ZipTax and using a ZipTax API key. Do not run scripts/lookup.sh with untrusted address text until the quoting bug is fixed, and prefer header-based API-key use instead of putting keys in URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill documents shell and network-capable behavior (curling an external API) but does not declare any permissions. That creates a transparency and policy-enforcement gap: an agent may be allowed to exfiltrate user-provided address or location data and use shell execution without an explicit permission review.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Documenting API key authentication via a query parameter encourages an unsafe pattern because URLs are commonly logged by browsers, proxies, load balancers, analytics tooling, and server access logs. In a skill that handles external API calls, this increases the chance of credential leakage and subsequent unauthorized use of the ZipTax account.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends precise address, latitude/longitude, and postal code data to a third-party API, which is expected for the skill's function but still creates a real privacy/security exposure because potentially sensitive user location data leaves the local environment. The risk is increased by the lack of an explicit runtime warning, consent step, or data-handling notice, so operators may unknowingly transmit sensitive location information externally.

External Transmission

Medium
Category
Data Exfiltration
Content
### Address Lookup (most accurate)
```bash
curl -s "https://api.zip-tax.com/request/v60?address=200+Spectrum+Center+Drive+Irvine+CA+92618" \
  -H "X-API-KEY: $ZIPTAX_API_KEY"
```
Confidence
72% confidence
Finding
https://api.zip-tax.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Postal Code Lookup
```bash
curl -s "https://api.zip-tax.com/request/v60?postalcode=92618" \
  -H "X-API-KEY: $ZIPTAX_API_KEY"
```
Confidence
69% confidence
Finding
https://api.zip-tax.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Lat/Lng Lookup
```bash
curl -s "https://api.zip-tax.com/request/v60?lat=33.6525&lng=-117.7479" \
  -H "X-API-KEY: $ZIPTAX_API_KEY"
```
Confidence
76% confidence
Finding
https://api.zip-tax.com/

External Transmission

Medium
Category
Data Exfiltration
Content
1. Determine lookup type: address (best), lat/lng, or postal code
2. Use **v60** (latest) for full jurisdiction breakdowns; use v10 for simple combined rate
3. Make GET request to `https://api.zip-tax.com/request/v60` with auth header
4. Check `metadata.response.code` — 100 means success
5. Read `taxSummaries[0].rate` for total sales tax rate
6. Read `baseRates` array for state/county/city/district breakdown
Confidence
74% confidence
Finding
https://api.zip-tax.com/

VirusTotal

66/66 vendors flagged this skill as clean.
