Vaudtax

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Vaud tax-file helper, but tax-estimate mode sends limited taxable figures to the official Vaud website.

Install only if you are comfortable letting an agent read sensitive Vaud tax declarations and attachments. Basic parsing and summaries can be kept local; tax-estimate/full-analysis mode sends taxable income, taxable wealth, commune, marital status, and child-count data to the official vd.ch calculator. Ask for a quick overview or local-only analysis if you do not want attachment OCR or remote calculation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill declares no permissions, yet its documented behavior includes writing extracted attachments to temporary files and making outbound HTTP requests to the Vaud tax calculator. This creates a trust and policy gap: users and the hosting platform may believe the skill is offline/read-only when it actually performs network and file-write operations on highly sensitive tax data workflows.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The skill is presented as a local file reader/summarizer for .vaudtax files, but the instructions also authorize OCR of attachments and remote tax-calculator queries that may be invoked during analysis flows. In a tax context, this mismatch is dangerous because users may provide sensitive declarations expecting passive inspection, while the skill can process additional document contents and transmit derived data over the network without that expanded behavior being clearly reflected in the skill description.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The guide explicitly documents a script that queries vd.ch via direct HTTP POST, which expands the skill from local file inspection into outbound network interaction. In an agent context, this can cause unauthorized data transmission, expose sensitive tax-derived values to third parties, and violate the principle of least privilege for a skill advertised as handling local .vaudtax files.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented 'official calculator' capability performs external requests that are not necessary for merely reading, summarizing, or converting a .vaudtax file. Because tax declarations contain highly sensitive financial and personal information, a network-enabled workflow increases the risk of silent exfiltration, privacy breaches, and scope creep beyond the user's expected local-analysis task.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The script’s documented behavior is to POST tax inputs to an external Canton Vaud website, which materially exceeds the manifest’s stated scope of working with local .vaudtax files. This mismatch is security-relevant because users may supply sensitive tax data expecting local-only processing, while the skill silently transmits it to a third party.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The CLI exposes a network-backed tax calculation path that is not obviously required for handling .vaudtax files, creating unexpected outbound data flow from a skill whose purpose suggests local document inspection. In the context of tax declarations, this can disclose highly sensitive personal financial data without users realizing they are invoking a remote service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code sends taxable income, wealth, marital status, commune, and child-count data to an external service over the network, but there is no user-facing warning or consent prompt at the point of execution. Even though the URL uses HTTPS rather than plaintext HTTP, the privacy issue remains: sensitive tax data is disclosed to an external party unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.
