TaxClaw
by Doug Butdorf · v0.1.1
443 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install taxclaw
Description
Extract, store, and export tax documents (W-2, 1099-DA, all 1099 variants, K-1) using AI. Local-first — your documents never leave your machine. Web UI at lo...
Usage Guidance
TaxClaw appears internally consistent with its claim to be a local-first tax document extractor. Before installing:
(1) Review setup.sh and requirements.txt — setup will create a venv and pip-install packages from PyPI.
(2) Confirm you are happy with local storage at ~/.local/share/taxclaw and ~/.config/taxclaw (these will contain sensitive extracted data).
(3) Keep cloud mode disabled unless you intentionally set cloud_api_key / ANTHROPIC_API_KEY and set privacy_acknowledged in config.yaml — cloud mode will send excerpts to Anthropic.
(4) Optionally inspect the included source (or the GitHub repo referenced in SKILL.md) if you want to audit network/IO behavior before running setup.sh.
Overall this skill is coherent and behaves as described, but installing software and dependencies always carries the usual supply-chain and local-data risks.
Capability Analysis
Type: OpenClaw Skill
Name: taxclaw
Version: 0.1.1
The OpenClaw skill 'taxclaw' is designed with strong security and privacy considerations. It is local-first by default, processing all tax documents and extracted data on the user's machine. The optional cloud AI mode is explicitly opt-in, requiring user acknowledgment of privacy implications. The code implements robust defenses against prompt injection by instructing the AI model to treat document content as untrusted data and to ignore embedded instructions (src/ai.py, src/extract.py). File uploads are secured with size limits, extension allowlists, and magic-byte sniffing (src/store.py). The web UI includes CSRF protection and enforces loopback host/origin checks (src/main.py). All network and file system access is aligned with the stated purpose of a local tax document extraction tool, and there is no evidence of intentional harmful behavior, unauthorized data exfiltration, or persistence mechanisms.
Capability Assessment
Purpose & Capability
The skill's name/description (local-first tax document extraction) matches the code and runtime requirements. It legitimately needs Python, PyMuPDF (pymupdf), a web server (FastAPI/uvicorn), and optional local/remote LLM backends. Minor mismatch: registry metadata labelled this as 'instruction-only', but the package actually includes a full codebase and a setup.sh that installs dependencies — so this is more than a pure docs-only skill.
Instruction Scope
SKILL.md and the code limit actions to reading user-supplied uploads, storing data under ~/.local/share/taxclaw, reading/writing ~/.config/taxclaw/config.yaml, and optionally calling a cloud AI if the user enables cloud mode. Prompts explicitly treat document text as untrusted. There are no instructions to read arbitrary system files or phone home by default.
Install Mechanism
There is no registry-level install spec, but the provided setup.sh creates a virtualenv and pip-installs requirements.txt (PyPI). Installing packages from PyPI is typical but does pull third-party packages (anthropic, ollama, etc.) onto disk. This is moderate risk compared with an instruction-only skill; review requirements.txt and optionally inspect package sources before running setup.sh.
Credentials
No required env vars are declared for normal local operation. The code will read ANTHROPIC_API_KEY (env) if cloud mode is used — this is expected and documented as opt-in. No unrelated credentials or unrelated system config paths are requested.
Persistence & Privilege
The skill stores data locally (config in ~/.config/taxclaw and data in ~/.local/share/taxclaw) and creates a virtualenv under the skill folder; it does not demand permanent always-inclusion or elevated system privileges. always: false and agent-autonomy defaults are normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install taxclaw
- After installation, invoke the skill by name or use /taxclaw
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Security hardening: CVE-2026-24486 fix (python-multipart>=0.0.22), 50MB upload limit, filename sanitization, magic-byte file type validation, CSRF/origin enforcement, ZIP arcname sanitization, prompt injection defense, security response headers.
v0.1.0
Initial release — W-2, 1099-DA, all 1099 variants, K-1 extraction. Local-first via Ollama, optional cloud mode. Web UI at localhost:8421.
Frequently Asked Questions
What is TaxClaw?
Extract, store, and export tax documents (W-2, 1099-DA, all 1099 variants, K-1) using AI. Local-first — your documents never leave your machine. Web UI at lo... It is an AI Agent Skill for Claude Code / OpenClaw, with 443 downloads so far.
How do I install TaxClaw?
Run "/install taxclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TaxClaw free?
Yes, TaxClaw is completely free (open-source). You can download, install and use it at no cost.
Which platforms does TaxClaw support?
TaxClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created TaxClaw?
It is built and maintained by Doug Butdorf (@dougbutdorf); the current version is v0.1.1.