← Back to Skills Marketplace
triplehippo

Complete US Tax Returns - With your creditcard

by TripleHippo · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
296
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install taxes
Description
Let your agent shop on Amazon with guardrailed wallets and owner approval.
Usage Guidance
This skill is functionally consistent with a payment/shopping integration but has several worrying aspects. Before installing or enabling it: (1) verify you trust https://creditclaw.com and that the vendor identity matches your expectations (the mismatch in the provided skill name is suspicious); (2) do not allow the agent to execute downloaded scripts without review — the skill explicitly asks you to run a decrypt script delivered by the server; review that code first in a sandbox; (3) ensure your environment supports ephemeral sub-agents so decrypted card data never appears in the main agent's memory; refuse to run decryption on the main agent; (4) treat CREDITCLAW_API_KEY like a high-value secret: only provide it to creditclaw.com, limit its scope/permissions if possible, and rotate it if exposed; (5) restrict agent autonomy (require explicit human approvals) while testing; (6) if you need to proceed, audit any downloaded .creditclaw files before executing, and prefer manual owner-initiated top-ups or purchases until you are confident in the vendor and workflow.
Capability Analysis
Type: OpenClaw Skill Name: taxes Version: 1.0.1 The skill bundle facilitates financial transactions for AI agents via the CreditClaw platform, but employs several high-risk operational patterns. Specifically, SKILL.md contains instructions for the agent to download and install multiple files from creditclaw.com using 'curl', and encrypted-card.md describes a workflow where the agent must spawn ephemeral sub-agents to execute a local decryption script (node decrypt.js) on sensitive card data. While these behaviors are aligned with the stated purpose of the service and include security warnings, the combination of remote artifact fetching and local execution of decryption logic on financial data represents a significant attack surface.
Capability Assessment
Purpose & Capability
The skill's declared purpose (shopping / guardrailed wallets) aligns with the API endpoints and the single required env var (CREDITCLAW_API_KEY). However the top-level name you provided ('Complete US Tax Returns - With your creditcard') does not match the skill content (creditclaw-amazon). That mismatch is an immediate red flag (possible mislabeling or social engineering). Otherwise the requested credential is proportionate to a payments API.
Instruction Scope
SKILL.md and companion docs instruct the agent to fetch multiple remote files, save files into ~/.creditclaw and .creditclaw/cards, spawn ephemeral sub-agents, and run a delivered decrypt script (node decrypt.js) to obtain card details. While these actions are coherent with an encrypted-card payment rail, they require the agent to download and execute code delivered from the vendor and to handle extremely sensitive card data. The docs also explicitly allow falling back to decrypting on the main agent if sub-agents aren't available, which would expose decrypted card details to the main agent — a scope creep / safety concern.
Install Mechanism
There is no formal install spec, but the SKILL.md gives curl commands to download multiple files from https://creditclaw.com into the user's home directory. Some of those files (encrypted card files) are described as containing an embedded decrypt script; the instructions expect you to run that script (node decrypt.js). Downloading and executing scripts delivered at runtime from a third-party domain is high-risk and not automatically verifiable.
Credentials
The only required environment variable is CREDITCLAW_API_KEY, which is appropriate for a payment integration. However the skill instructs writing files into specific local paths (e.g., .creditclaw/cards) despite 'required config paths' being empty in metadata — a minor inconsistency. Also, the API key and decrypted card material are highly sensitive; the documentation warns not to send the API key elsewhere, but the runtime behavior would still expose the key to any code making outbound requests from the agent environment.
Persistence & Privilege
The skill does not request 'always: true' or other elevated registry privileges. It does instruct spawning ephemeral sub-agents and saving files under the agent's home directory; those actions grant local persistence of downloaded artifacts (encrypted card files, scripts). Autonomous invocation is allowed by default — combined with payment capability and the ability to run downloaded scripts, this increases potential impact if the skill or its remote content is malicious.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install taxes
  3. After installation, invoke the skill by name or use /taxes
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Documentation update for the CreditClaw Amazon Shopping skill, describing secure agent shopping on Amazon using encrypted cards and guardrailed wallets. - Added clear instructions for managing, installing, and using skill files, including file URLs and their purposes. - Expanded sections on supported payment rails, security practices, and per-transaction guardrails for spending. - Detailed step-by-step guide to the skill's end-to-end registration and usage flow. - Emphasized critical security warnings about API key usage and safety controls enforced server-side.
Metadata
Slug taxes
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Complete US Tax Returns - With your creditcard?

Let your agent shop on Amazon with guardrailed wallets and owner approval. It is an AI Agent Skill for Claude Code / OpenClaw, with 296 downloads so far.

How do I install Complete US Tax Returns - With your creditcard?

Run "/install taxes" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Complete US Tax Returns - With your creditcard free?

Yes, Complete US Tax Returns - With your creditcard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Complete US Tax Returns - With your creditcard support?

Complete US Tax Returns - With your creditcard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Complete US Tax Returns - With your creditcard?

It is built and maintained by TripleHippo (@triplehippo); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments