Taxragflow

Pass

Audited by ClawScan on May 13, 2026.

Overview

This appears to be a coherent tax Q&A skill that queries a configured RAGFlow knowledge base, but users should protect the RAGFlow API key and verify where their questions are sent.

Before installing, make sure you trust the RAGFlow server URL and can provide a limited-scope API key. Avoid sending highly sensitive tax or business details unless the endpoint's privacy and retention practices are acceptable.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the agent may run the bundled Python script and make an outbound API request for the tax question.

Why it was flagged

The skill declares local execution and network access so it can run query_tax.py and call the configured RAGFlow API.

Skill content

"permissions": ["exec.run", "network.access"]

Recommendation

Use it only where local script execution and outbound access to the intended RAGFlow endpoint are acceptable.

What this means

Anyone with the configured RAGFlow key may be able to access the associated private tax knowledge base according to that key's permissions.

Why it was flagged

The script uses a bearer API key to access RAGFlow. This is expected for a private knowledge-base integration, but it is a sensitive credential.

Skill content

RAGFLOW_API_KEY = os.getenv("RAGFLOW_API_KEY") ... "Authorization": f"Bearer {RAGFLOW_API_KEY}"

Recommendation

Use a least-privilege RAGFlow API key, store it securely, and verify the publisher declares the required credential and environment variables.

What this means

Tax questions, which may include business-sensitive details, will be shared with the configured RAGFlow service.

Why it was flagged

The full user question is sent to the configured RAGFlow chat-completions endpoint.

Skill content

payload = {"model": "deepseek-chat", "messages": [{"role": "user", "content": query_text}], "stream": False} ... requests.post(url, headers=headers, json=payload, timeout=60)

Recommendation

Confirm the RAGFlow API URL, retention policy, and access controls before sending confidential corporate tax information.