tax-filing

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent tax-form assistant, but it naturally handles sensitive tax data, writes local PDF files, and suggests an unpinned pypdf install command that users should handle carefully.

Use this skill only if you are comfortable sharing the tax details needed for the task. Keep copies of original PDFs, review all generated forms before filing, and install pypdf in an isolated environment rather than using the suggested system-wide install flag.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Info
What this means

You may need to provide private tax and income information for the assistant to be useful.

Why it was flagged

The normal workflow brings sensitive tax and financial details into the agent session and generated tax forms. This is expected for a tax-filing assistant, and the provided artifacts do not show external sharing or persistent memory.

Skill content

calculating amounts from source documents (W-2, 1099s, etc.), and filling IRS PDF forms

Recommendation

Share only the tax details needed for the task, avoid unnecessary full-document uploads, and review any filled forms carefully before filing.

ASI02: Tool Misuse and Exploitation
Low
What this means

A mistaken output path or field value could overwrite a file or create an inaccurate tax form.

Why it was flagged

The script can modify PDF form fields and write an output file. This is central to the skill's purpose, but the output path is user-supplied and should be chosen carefully.

Skill content

python scripts/update_form.py INPUT_PDF OUTPUT_PDF [--set FIELD=VALUE ...] [--clear FIELD ...]

Recommendation

Run the script only on copies of tax forms, write outputs to a safe new path, and manually review the resulting PDF.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing dependencies this way could affect your local Python environment beyond this skill.

Why it was flagged

The script depends on pypdf but the skill has no install spec or pinned dependency. The suggested --break-system-packages flag can alter a system-managed Python environment.

Skill content

Run: pip install pypdf --break-system-packages

Recommendation

Prefer installing pypdf in a virtual environment or another isolated environment, and avoid --break-system-packages unless you understand the local system impact.