Complete US Tax Returns - With your creditcard
Review
Audited by ClawScan on May 18, 2026.
Overview
This is a high-impact CreditClaw payment and shopping skill, but it is listed as a tax-return skill and includes broad spending, selling, card-decryption, and invoice workflows that users should review carefully.
Install only if you intentionally want a CreditClaw payment/shopping wallet for an agent, not tax-return help. Keep approval mode strict, set low limits, protect the API key and card files, and review any downloaded or delivered decrypt script before allowing real purchases.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting tax-preparation help could instead grant an agent financial purchasing and payment-management authority.
The listing combines a tax-return name and tax-related slug with an Amazon/CreditClaw shopping description. The included files then document payment wallets and card spending, so a user could install it under the wrong expectation.
Name: Complete US Tax Returns - With your creditcard ... Slug: taxes ... Description: Let your agent shop on Amazon with guardrailed wallets and owner approval.
Treat this as a CreditClaw shopping/payment skill, not a tax-return skill. The publisher should correct the name, slug, and listing so the financial purpose is unambiguous.
An agent with the API key could create payment pages, payment links, storefront entries, or send invoice emails, affecting public-facing business activity and customers.
The skill exposes business/payment mutation actions such as creating public checkout pages and sending invoices by email. These capabilities go beyond simple Amazon shopping and the artifact does not show a specific per-action owner approval step for them.
POST https://creditclaw.com/api/v1/bot/checkout-pages/create ... POST https://creditclaw.com/api/v1/bot/invoices/[id]/send ... Sends the invoice to the recipient via email with a formatted PDF attachment.
Only enable these APIs for agents that should sell or invoice on your behalf. Require explicit user confirmation before creating public pages, sending invoices, or sharing payment links.
If the delivered decrypt script were wrong or tampered with, it could expose or mishandle real credit-card data during checkout.
The reviewed package does not include the decrypt script, but the workflow instructs an agent to execute a script later delivered inside an encrypted card file. That script handles full card details, so its provenance and contents matter.
The sub-agent runs the deterministic decrypt script that was delivered with the card file: node decrypt.js <key_hex> <iv_hex> <tag_hex> Card-ChaseD-9547.md
Before allowing this workflow, verify the delivered decrypt script source, run it only in an isolated ephemeral environment, and prevent logging or persistence of decrypted card details.
A user who installs by curl may get files that differ from the reviewed artifacts if the remote site changes.
The skill suggests fetching companion files directly from remote URLs. This is disclosed and limited to documentation files, but remote content can change after review.
curl -s https://creditclaw.com/amazon/skill.md > ~/.creditclaw/skills/amazon/SKILL.md
Prefer reviewed, versioned artifacts. If fetching from the URLs, compare the downloaded files to the reviewed version before relying on them.
Anyone or any agent that obtains the key could act as the bot and potentially spend or manage money within the configured CreditClaw permissions.
The required API key is expected for a payment wallet, but it is a powerful delegated financial credential.
All requests require: Authorization: Bearer <your-api-key> ... Your API key is your identity. Leaking it means someone else can spend your owner's money.
Keep CREDITCLAW_API_KEY restricted to requests to creditclaw.com, use the lowest spending limits, keep approval mode on ask-for-everything unless truly needed, and rotate the key if exposed.
Local changes to the spending file could cause the agent to believe different approval modes, limits, or categories are allowed.
A persistent local policy file influences future spending decisions. This is disclosed and useful, but if modified by the wrong party it could change agent behavior.
This file controls how your bot spends money. Edit any section below. Your bot reads this file before every purchase to decide whether to proceed, ask for approval, or decline.
Store spending policy files in a trusted location, restrict write access, and rely on server-side CreditClaw guardrails as the authoritative limits.
A misconfigured callback URL or message handler could receive sensitive encrypted card material and checkout instructions.
The encrypted card file and embedded decrypt-script material can be delivered through a webhook or bot message. This is part of the stated workflow, but it is a sensitive provider-to-agent data flow.
Via webhook: If you have a callback_url, the file is delivered automatically ... file_content: "<self-contained markdown file with decrypt script and encrypted data>"
Use only trusted HTTPS callback endpoints, verify webhook origin where supported, and avoid routing card-delivery messages to shared or untrusted systems.
