← 返回 Skills 市场
TaxClaw
作者
Doug Butdorf
· GitHub ↗
· v0.1.1
443
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install taxclaw
功能描述
Extract, store, and export tax documents (W-2, 1099-DA, all 1099 variants, K-1) using AI. Local-first — your documents never leave your machine. Web UI at lo...
安全使用建议
TaxClaw appears internally consistent with its claim to be a local-first tax document extractor. Before installing: (1) Review setup.sh and requirements.txt — setup will create a venv and pip-install packages from PyPI. (2) Confirm you are happy with local storage at ~/.local/share/taxclaw and ~/.config/taxclaw (these will contain sensitive extracted data). (3) Keep cloud mode disabled unless you intentionally set cloud_api_key / ANTHROPIC_API_KEY and set privacy_acknowledged in config.yaml — cloud mode will send excerpts to Anthropic. (4) Optionally inspect the included source (or the GitHub repo referenced in SKILL.md) if you want to audit network/IO behavior before running setup.sh. Overall this skill is coherent and behaves as described, but installing software and dependencies always carries the usual supply-chain and local-data risks.
功能分析
Type: OpenClaw Skill
Name: taxclaw
Version: 0.1.1
The OpenClaw skill 'taxclaw' is designed with strong security and privacy considerations. It is local-first by default, processing all tax documents and extracted data on the user's machine. The optional cloud AI mode is explicitly opt-in, requiring user acknowledgment of privacy implications. The code implements robust defenses against prompt injection by instructing the AI model to treat document content as untrusted data and to ignore embedded instructions (src/ai.py, src/extract.py). File uploads are secured with size limits, extension allowlists, and magic-byte sniffing (src/store.py). The web UI includes CSRF protection and enforces loopback host/origin checks (src/main.py). All network and file system access is aligned with the stated purpose of a local tax document extraction tool, and there is no evidence of intentional harmful behavior, unauthorized data exfiltration, or persistence mechanisms.
能力评估
Purpose & Capability
The skill's name/description (local-first tax document extraction) matches the code and runtime requirements. It legitimately needs Python, PyMuPDF (pymupdf), a web server (FastAPI/uvicorn), and optional local/remote LLM backends. Minor mismatch: registry metadata labelled this as 'instruction-only', but the package actually includes a full codebase and a setup.sh that installs dependencies — so this is more than a pure docs-only skill.
Instruction Scope
SKILL.md and the code limit actions to reading user-supplied uploads, storing data under ~/.local/share/taxclaw, reading/writing ~/.config/taxclaw/config.yaml, and optionally calling a cloud AI if the user enables cloud mode. Prompts explicitly treat document text as untrusted. There are no instructions to read arbitrary system files or phone home by default.
Install Mechanism
There is no registry-level install spec, but the provided setup.sh creates a virtualenv and pip-installs requirements.txt (PyPI). Installing packages from PyPI is typical but does pull third-party packages (anthropic, ollama, etc.) onto disk. This is moderate risk compared with an instruction-only skill; review requirements.txt and optionally inspect package sources before running setup.sh.
Credentials
No required env vars are declared for normal local operation. The code will read ANTHROPIC_API_KEY (env) if cloud mode is used — this is expected and documented as opt-in. No unrelated credentials or unrelated system config paths are requested.
Persistence & Privilege
The skill stores data locally (config in ~/.config/taxclaw and data in ~/.local/share/taxclaw) and creates a virtualenv under the skill folder; it does not demand permanent always-inclusion or elevated system privileges. always: false and agent-autonomy defaults are normal.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install taxclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/taxclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Security hardening: CVE-2026-24486 fix (python-multipart>=0.0.22), 50MB upload limit, filename sanitization, magic-byte file type validation, CSRF/origin enforcement, ZIP arcname sanitization, prompt injection defense, security response headers.
v0.1.0
Initial release — W-2, 1099-DA, all 1099 variants, K-1 extraction. Local-first via Ollama, optional cloud mode. Web UI at localhost:8421.
元数据
常见问题
TaxClaw 是什么?
Extract, store, and export tax documents (W-2, 1099-DA, all 1099 variants, K-1) using AI. Local-first — your documents never leave your machine. Web UI at lo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。
如何安装 TaxClaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install taxclaw」即可一键安装,无需额外配置。
TaxClaw 是免费的吗?
是的,TaxClaw 完全免费(开源免费),可自由下载、安装和使用。
TaxClaw 支持哪些平台?
TaxClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TaxClaw?
由 Doug Butdorf(@dougbutdorf)开发并维护,当前版本 v0.1.1。
推荐 Skills