Skill v1.0.0

ClawScan security

XPR Crypto Tax · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 14, 2026, 5:11 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely matches its stated purpose (crypto tax reporting) but has several inconsistencies and undeclared resource accesses you should understand before installing.
Guidance
This skill appears to implement the advertised crypto-tax functionality, but there are transparency issues you should address before installing:
- Expect the skill to call external APIs (Saltant, Metal X, Hyperion, CoinGecko) and to upload report files (PDF + CSVs) as part of its normal workflow. Confirm you trust the platform's store_deliverable and xpr_deliver_job endpoints and any third-party URLs used for delivery. Uploading CSVs means financial and transaction data will be transmitted off the agent environment.
- The code reads COINGECKO_API_KEY (optional) and RATE_CACHE_PATH even though the manifest does not list these env vars. If you provide a CoinGecko key, verify it is scoped appropriately; if you do not, the skill falls back to limited/no-key behavior.
- By default the skill will create a data/rate-cache.json in the agent working directory. If you prefer to control where files are written, set RATE_CACHE_PATH to a safe location (or make the skill's working directory read-only) and audit the cache file contents policy.
- Review the bundled dist/index.js (included) yourself or ask the publisher for a provenance statement. The included code is not obviously malicious, but the manifest omissions (env/config) and the mandatory multi-file upload step are non-trivial and warrant caution.
- If you want to proceed: run the skill with non-sensitive test data first, confirm the exact endpoints used for uploads/delivery, and consider providing a throwaway CoinGecko key or limiting RATE_CACHE_PATH to a directory you control. If the publisher can update the manifest to declare COINGECKO_API_KEY and RATE_CACHE_PATH (and describe their use), that would increase transparency and reduce risk.
Findings
[process.env.COINGECKO_API_KEY] expected: The code uses COINGECKO_API_KEY to access CoinGecko pro/demo endpoints for historical prices — this is reasonable for accurate pricing, but the manifest does not declare it as a required or optional env var.
[process.env.RATE_CACHE_PATH] expected: The code uses RATE_CACHE_PATH to determine where to persist a rate-cache JSON file. Persisting a rate cache is reasonable, but the skill did not declare required config paths and will read/write files under the agent's filesystem by default.

Review Dimensions

Purpose & Capability
note: The name/description (XPR crypto tax reporting for NZ/US) aligns with the code and SKILL.md: it calls on-chain APIs, parses DEX CSVs, computes gains, and generates reports. Requiring price data (CoinGecko) and on-chain APIs is reasonable for this purpose. However, the skill's package metadata lists no required env vars while the code relies on environment variables (COINGECKO_API_KEY, RATE_CACHE_PATH), which is an inconsistency.
Instruction Scope
note: SKILL.md instructs the agent to fetch balances/trades/transfers, compute gains, and then upload a PDF and two CSVs and call a delivery job (xpr_deliver_job). That workflow is coherent for a reporting tool, but the instructions mandate uploading all files and making an external 'deliver' call in a single run — a behavior with data-exfiltration implications if endpoints or storage targets are untrusted. SKILL.md also claims 'all tools are read-only', but the code persists a local rate cache to disk (not strictly read-only).
Install Mechanism
ok: No install spec is provided (instruction-only installation), which is low risk compared to arbitrary downloads. The package contains JS/TS source and a bundled dist file that will run on the platform; no external installers or unusual download URLs are present.
Credentials
concern: skill.json declares no required environment variables, but the code reads process.env.COINGECKO_API_KEY (to enable expanded CoinGecko history) and process.env.RATE_CACHE_PATH (to override where a persistent JSON rate cache is stored). COINGECKO_API_KEY is expected for price history (reasonable), but its absence from the manifest is an oversight. RATE_CACHE_PATH (default: ./data/rate-cache.json) means the skill will read/write files on disk; this file-write capability is disproportionate relative to the manifest, which declares no config paths. The lack of an explicit env declaration reduces transparency and is a red flag.
Persistence & Privilege
note: The always flag is false and the skill does not request elevated platform privileges. However, it maintains a persistent local JSON rate cache (written to a data directory by default), which means it will create files under the agent's working directory. This is ordinary for caching but should be noted.