Skill v1.0.0

ClawScan security

TaxWise — 智能财税 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 29, 2026, 10:49 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with its stated purpose (a tax and bookkeeping assistant for Chinese SMEs). It runs local scripts, uses local data files, and does not demand unrelated credentials or network installs. Be mindful of local data storage and of the optional OCR/API integration, which would require credentials if enabled.
Guidance
This package appears to do what it claims: local bookkeeping, tax-rate lookups, mock OCR, reporting, and advisory calculations. Before installing/using:
1) Be aware bookkeeping_data.json will contain your financial data; store it securely and back it up appropriately.
2) The included OCR and external-API hooks are mock-only. If you enable real OCR or "自动填报" (auto-filing) integrations, you'll need to supply API keys and will introduce network activity. Do not hardcode credentials into scripts; prefer secure environment variables or secrets storage.
3) Premium/auto-submission claims in messages are marketing; the provided scripts mostly generate drafts/reports and do not automatically submit to tax authorities.
4) Review and test scripts in a safe environment before pointing them at production data, and avoid granting broad autonomous agent permissions to run skills that can access local financial files unless you trust the skill and its origin.

Review Dimensions

Purpose & Capability
ok
Name/description match the provided scripts: tax queries, invoice OCR (mock), bookkeeping, filings, analysis, compliance, and planning. The skill declares no required env vars or binaries, and the scripts operate on a local bookkeeping_data.json file and internal constants; these are appropriate for the stated features.
Instruction Scope
note
SKILL.md instructs running the included scripts and documents where to replace mocks with real OCR/tax APIs. The runtime instructions do not instruct broad system probing or external exfiltration. Note: some scripts reference replacing _ocr_mock() with cloud OCR API calls and mention integration points (e.g., 国家税务总局 (State Taxation Administration), 百度/阿里 OCR (Baidu/Alibaba OCR)); enabling those would introduce network I/O and require credentials.
Install Mechanism
ok
No install spec provided; the skill is instruction/code-only and does not download or install external packages on install. All code is included in the bundle; nothing is fetched from third-party URLs during install.
Credentials
note
The skill declares no required environment variables or credentials. Scripts optionally reference third-party OCR/tax APIs for production use, which would require API keys if the user modifies code to enable them; this is expected but not presently required. Also, bookkeeping_data.json stores potentially sensitive financial records locally; access to that file is the main sensitive surface.
Persistence & Privilege
ok
The skill's always flag is false, and the skill does not request elevated or system-wide persistence. It reads/writes a local bookkeeping_data.json in the script directory (normal for this use case) and does not modify other skills or global agent configuration.