Monzo
v1.0.2
Access Monzo bank account - check balance, view transactions, manage pots, send feed notifications. For personal finance queries and banking automation.
by Rob @rhesketh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Monzo banking) match what the code does: OAuth setup, balance/transactions/pots/feed/receipts/webhooks via the Monzo API. Required binaries (curl, jq, openssl, bc) are plausible for the CLI scripts, and the single required env var (MONZO_KEYRING_PASSWORD) is used to encrypt credentials stored under ~/.openclaw/credentials/monzo.json.
Instruction Scope
SKILL.md and scripts confine operations to the Monzo API and local credential storage. The setup wizard accepts client id/secret and authorization codes and then stores them (encrypted). Minor notes: the docs suggest multiple ways to provide MONZO_KEYRING_PASSWORD including placing it directly in openclaw.json (plaintext) — the skill warns about the risks but this represents a higher-risk deployment option. The scripts also reference optional env vars (OPENCLAW_CREDENTIALS_DIR, MONZO_API_BASE) that are not declared in requires.env — these are benign but worth knowing.
Install Mechanism
No install spec — the package is instruction/code-only and doesn't download arbitrary binaries. Code files are bundled with the skill; nothing in the manifest indicates fetching code from external, untrusted URLs or executing installers. This is lower risk than remote-installing arbitrary artifacts.
Credentials
The skill only requires a single secret-like env var (MONZO_KEYRING_PASSWORD) which is appropriate: it's used to derive the AES key for encrypting the saved OAuth client secret and tokens. However, the SKILL.md recommends (option A) placing the password directly in OpenClaw config (plaintext) which increases exposure, and the documentation correctly warns about process listing and multi-user systems. The scripts also accept non-declared environment variables (OPENCLAW_CREDENTIALS_DIR, MONZO_API_BASE) as optional overrides — this is reasonable but worth documenting to users.
Persistence & Privilege
always:false (not force-enabled). The skill stores encrypted credentials under the user's home directory (owner-only perms), which is expected for this functionality. It does not request or modify other skills' configs or system-wide settings. The agent-autonomous-invocation default is enabled (normal) but not combined with any unusual privileges.
Assessment
This skill appears coherent for connecting OpenClaw to Monzo. Things to consider before installing:
- Protect MONZO_KEYRING_PASSWORD: prefer injecting it via a secrets manager or environment at runtime, not by putting it in openclaw.json in plaintext. If you must store it in a file, restrict permissions (chmod 600) and avoid committing to version control.
- Credentials on disk: OAuth client secret, access and refresh tokens are encrypted with AES-256-CBC (PBKDF2 100k) and saved under ~/.openclaw/credentials/monzo.json. If an attacker gains OS-level access (root, malware, keylogger), credentials can be compromised — follow the README's advice to revoke the OAuth client immediately in that case.
- Webhooks: only register URLs you control and use HTTPS. An attacker-controlled webhook URL would receive transaction notifications.
- Non-interactive/automation: the setup script supports providing client secrets and auth codes on the command line — avoid putting secrets in shell history or logs; prefer non-logged secret injection.
- Review the bundled scripts yourself (they are included) or run them in a controlled environment first.
If you follow the guidance above (use secrets manager, restrict file permissions, run on machines you control, and review webhook endpoints), the skill is coherent with its stated purpose and can be used safely for Monzo automation.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fbc7v29184ar058sehhs3vn811x3p
Runtime requirements
🏦 Clawdis
Bins: curl, jq, openssl, bc
Env: MONZO_KEYRING_PASSWORD
Primary env: MONZO_KEYRING_PASSWORD
