Greek Individual Taxes

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a tax-preparation guide, but it under-discloses high-impact actions like direct tax submission, payment processing, bank import, and automatic client communications.

Install only if you are comfortable reviewing and controlling every external action manually. Keep tax files in a dedicated folder, do not provide banking/email/payment access unless explicitly needed, verify tax calculations against current official guidance, and require human approval before any TAXIS submission, payment, client message, or cloud archive action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill claims it only prepares local E1 data and does not submit to AADE directly, but elsewhere instructs direct TAXIS submission and digital-signature-ready workflows. This mismatch can mislead operators and downstream policy engines about the skill's real authority, increasing the chance of unintended external actions on sensitive tax accounts.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The metadata presents the skill as instruction-only and limited to local file preparation, while the body documents direct AADE submission, audit support, banking imports, payments, and cloud storage. Security controls often rely on metadata for trust and sandboxing decisions, so understated capabilities can bypass scrutiny and lead to over-privileged use.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill's documented scope expands far beyond tax preparation into email processing, banking data import, payment processing, audit workflows, and cloud archival. This broad scope materially increases attack surface and the chance that a user invoking a tax-prep skill triggers unrelated high-risk actions involving financial accounts, communications, or sensitive personal records.

Vague Triggers

Medium
Confidence: 89%
Finding
The evaluation set contains broad, high-authority tax-preparation prompts that ask the agent to prepare filings, optimize deductions, and produce submission-ready outputs without explicit guardrails, jurisdiction/version checks, or exclusions for regulated advice. In a tax-preparation skill, this increases the chance the agent will overclaim deductions, provide unauthorized legal/tax advice, or generate noncompliant filing instructions based on incomplete or outdated rules.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding
Requiring Greek-language client communication materials without user opt-in can override user preference and reduce clarity for users who do not read Greek fluently, especially in a tax-compliance context where misunderstanding instructions can cause filing or payment errors. While not inherently malicious, forcing a language choice in regulated content can increase operational and compliance risk.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The documented client communication command enables automatic Greek-language responses without indicating user consent, recipient confirmation, or review. Auto-sending messages on behalf of users can cause unauthorized communications, privacy breaches, or inaccurate tax-related statements to clients or authorities.

Chaining Abuse

High
Category: Tool Misuse
Content
```bash
export OPENCLAW_DATA_DIR="/data"
which jq || sudo apt install jq
```

No external credentials required. This skill prepares E1 tax return data from local files. Actual submission to AADE is handled by the `greek-compliance-aade` skill with human approval.
Confidence: 97%
Finding
| sudo

VirusTotal

66/66 vendors flagged this skill as clean.
