Skill v1.0.0
ClawScan security
Norman: Tax Deduction Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 8:51 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions match its stated purpose (scanning transactions for missed tax deductions) and it does not ask for unrelated credentials or install anything risky.
- Guidance: This skill appears coherent and low-risk for its stated purpose, but keep the following in mind before enabling it: it will access your transaction history and company/tax settings via the host platform (norman-finance), so ensure you trust that platform and its permissions. The skill offers recategorization — only confirm changes you review. The guidance and tax estimates are approximate and Germany-specific (SKR04, GWG, AfA); verify important decisions with a tax professional. Note: the skill is instruction-only and has no code to audit, and the registry lists no source/homepage provenance beyond a homepage URL in SKILL.md, so if provenance or publisher trust is important to you, request more information about the author's identity and the 'norman-finance' MCP before proceeding.
Review Dimensions
- Purpose & Capability: ok. The skill is explicitly focused on analyzing transactions for German freelancer/small-business tax deductions and references relevant categories (e.g., SKR04, GWG, AfA). The SKILL.md declares a dependency on an MCP named 'norman-finance' for transaction/company functions, which is consistent with the described functionality. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: ok. Runtime instructions only direct the agent to call platform functions (search_transactions, get_company_details, list_tax_settings, categorize_transaction) and to present analyses and estimates. There are no instructions to read arbitrary system files, exfiltrate data, or send data to third-party endpoints. It does instruct automatic recategorization only after explicit user confirmation, which is appropriate.
- Install Mechanism: ok. This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk or downloaded during install. That minimizes install-time risk.
- Credentials: ok. The skill requires no environment variables, credentials, or config paths. Its data access (transaction history, company details, tax settings) is proportional to its purpose, as long as those platform APIs are the intended source of data.
- Persistence & Privilege: ok. The skill does not request always:true or any elevated persistence. It appears to operate only when invoked and does not modify other skills or global agent settings.
