← 返回 Skills 市场
Complete US Tax Returns - With your creditcard
作者
TripleHippo
· GitHub ↗
· v1.0.1
· MIT-0
296
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install taxes
功能描述
Let your agent shop on Amazon with guardrailed wallets and owner approval.
安全使用建议
This skill is functionally consistent with a payment/shopping integration but has several worrying aspects. Before installing or enabling it: (1) verify you trust https://creditclaw.com and that the vendor identity matches your expectations (the mismatch in the provided skill name is suspicious); (2) do not allow the agent to execute downloaded scripts without review — the skill explicitly asks you to run a decrypt script delivered by the server; review that code first in a sandbox; (3) ensure your environment supports ephemeral sub-agents so decrypted card data never appears in the main agent's memory; refuse to run decryption on the main agent; (4) treat CREDITCLAW_API_KEY like a high-value secret: only provide it to creditclaw.com, limit its scope/permissions if possible, and rotate it if exposed; (5) restrict agent autonomy (require explicit human approvals) while testing; (6) if you need to proceed, audit any downloaded .creditclaw files before executing, and prefer manual owner-initiated top-ups or purchases until you are confident in the vendor and workflow.
功能分析
Type: OpenClaw Skill
Name: taxes
Version: 1.0.1
The skill bundle facilitates financial transactions for AI agents via the CreditClaw platform, but employs several high-risk operational patterns. Specifically, SKILL.md contains instructions for the agent to download and install multiple files from creditclaw.com using 'curl', and encrypted-card.md describes a workflow where the agent must spawn ephemeral sub-agents to execute a local decryption script (node decrypt.js) on sensitive card data. While these behaviors are aligned with the stated purpose of the service and include security warnings, the combination of remote artifact fetching and local execution of decryption logic on financial data represents a significant attack surface.
能力评估
Purpose & Capability
The skill's declared purpose (shopping / guardrailed wallets) aligns with the API endpoints and the single required env var (CREDITCLAW_API_KEY). However the top-level name you provided ('Complete US Tax Returns - With your creditcard') does not match the skill content (creditclaw-amazon). That mismatch is an immediate red flag (possible mislabeling or social engineering). Otherwise the requested credential is proportionate to a payments API.
Instruction Scope
SKILL.md and companion docs instruct the agent to fetch multiple remote files, save files into ~/.creditclaw and .creditclaw/cards, spawn ephemeral sub-agents, and run a delivered decrypt script (node decrypt.js) to obtain card details. While these actions are coherent with an encrypted-card payment rail, they require the agent to download and execute code delivered from the vendor and to handle extremely sensitive card data. The docs also explicitly allow falling back to decrypting on the main agent if sub-agents aren't available, which would expose decrypted card details to the main agent — a scope creep / safety concern.
Install Mechanism
There is no formal install spec, but the SKILL.md gives curl commands to download multiple files from https://creditclaw.com into the user's home directory. Some of those files (encrypted card files) are described as containing an embedded decrypt script; the instructions expect you to run that script (node decrypt.js). Downloading and executing scripts delivered at runtime from a third-party domain is high-risk and not automatically verifiable.
Credentials
The only required environment variable is CREDITCLAW_API_KEY, which is appropriate for a payment integration. However the skill instructs writing files into specific local paths (e.g., .creditclaw/cards) despite 'required config paths' being empty in metadata — a minor inconsistency. Also, the API key and decrypted card material are highly sensitive; the documentation warns not to send the API key elsewhere, but the runtime behavior would still expose the key to any code making outbound requests from the agent environment.
Persistence & Privilege
The skill does not request 'always: true' or other elevated registry privileges. It does instruct spawning ephemeral sub-agents and saving files under the agent's home directory; those actions grant local persistence of downloaded artifacts (encrypted card files, scripts). Autonomous invocation is allowed by default — combined with payment capability and the ability to run downloaded scripts, this increases potential impact if the skill or its remote content is malicious.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install taxes - 安装完成后,直接呼叫该 Skill 的名称或使用
/taxes触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Documentation update for the CreditClaw Amazon Shopping skill, describing secure agent shopping on Amazon using encrypted cards and guardrailed wallets.
- Added clear instructions for managing, installing, and using skill files, including file URLs and their purposes.
- Expanded sections on supported payment rails, security practices, and per-transaction guardrails for spending.
- Detailed step-by-step guide to the skill's end-to-end registration and usage flow.
- Emphasized critical security warnings about API key usage and safety controls enforced server-side.
元数据
常见问题
Complete US Tax Returns - With your creditcard 是什么?
Let your agent shop on Amazon with guardrailed wallets and owner approval. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 296 次。
如何安装 Complete US Tax Returns - With your creditcard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install taxes」即可一键安装,无需额外配置。
Complete US Tax Returns - With your creditcard 是免费的吗?
是的,Complete US Tax Returns - With your creditcard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Complete US Tax Returns - With your creditcard 支持哪些平台?
Complete US Tax Returns - With your creditcard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Complete US Tax Returns - With your creditcard?
由 TripleHippo(@triplehippo)开发并维护,当前版本 v1.0.1。
推荐 Skills