ClawHub

Tax Professional Advance

Security checks across malware telemetry and agentic risk

Overview

This tax-tracking skill is mostly coherent, but it handles sensitive financial data and includes persistent Telegram reminder setup and cross-skill data access without clear user-control boundaries.

Install only if you are comfortable with a skill reading personal profile context and maintaining local tax/expense records. Before using it, require explicit confirmation before any file write, any read from mechanic or card-optimizer data, and any Telegram cron reminder setup. Treat its tax guidance as planning support and verify current rules with IRS/state sources or a licensed tax professional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to create scheduled Telegram cron jobs, which expands from tax advice into autonomous external messaging and task scheduling. That creates an unnecessary outbound communication channel and persistence mechanism that could leak sensitive tax deadlines or financial context, send unwanted reminders, or be repurposed for broader automation without explicit per-action user consent.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill tells the agent to read and correlate data from other skills such as mechanic and card-optimizer, which broadens access to unrelated personal-finance data beyond what is necessary for tax help. In a tax context, that cross-skill aggregation increases privacy risk, enables overcollection of sensitive spending and vehicle data, and may surface information the user did not intend to share with this skill.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill is written to trigger on ordinary statements about purchases or life events, which can cause unsolicited tax analysis and logging from casual conversation. Because the skill stores financial records, broad activation raises the chance of silently collecting sensitive data or taking actions when the user was only chatting, not requesting recordkeeping.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The reference to consultation or heartbeat checks as triggers for proactive monthly nudges is ambiguous and could permit background or periodic behavior without a clear user-initiated boundary. In a skill handling tax and financial data, unclear invocation conditions make unintended reminders, profiling, or repeated processing more likely.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill stores highly sensitive tax and financial data in workspace files but does not present a clear upfront warning or consent mechanism about that storage. Users may disclose income, deductions, receipts, filing status, and life-event details without realizing they will be persisted, creating substantial privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal