Skill v1.0.0
ClawScan security
Konto API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 1:12 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it queries a Konto API using a user-provided API key and URL; the included scripts and docs match that purpose, with only minor metadata omissions.
- Guidance: This skill appears to do what it says (call Konto API endpoints) and needs an API key and base URL. Before installing: (1) Be aware the SKILL.md asks you to store KONTO_API_KEY and KONTO_URL in ~/.openclaw/secrets/konto.env even though the registry metadata doesn't list them — the metadata omission is benign but confusing. (2) Only use an API key issued by a trusted Konto instance; confirm KONTO_URL is correct (default points at konto.angelstreet.io). (3) Limit file permissions on the secrets file (chmod 600) or use your platform's secret manager instead of a plaintext file. (4) The skill can call analytics endpoints if you supply an analytics-scoped key — only provide that key if you intend cross-user analytics. (5) The source/homepage is unknown; if you need stronger assurance, validate the owner identity or run the script in an isolated environment before giving it real credentials.
Review Dimensions
- Purpose & Capability (note): Name/description (personal finance access) match the included scripts and API docs. Minor inconsistency: the registry metadata declares no required environment variables or primary credential, but the SKILL.md and scripts clearly expect KONTO_API_KEY and KONTO_URL.
- Instruction Scope (ok): Runtime instructions are explicit: source ~/.openclaw/secrets/konto.env and call Konto endpoints with curl. The skill reads only that secrets file and its included workspace script; it also documents analytics endpoints, which require a separate analytics-scoped key. No unexpected file reads, broad system probing, or exfiltration endpoints beyond the configured KONTO_URL.
- Install Mechanism (ok): No install spec; this is instruction-only plus a small bash helper script included in the package. Risk is low because nothing is downloaded or extracted during install.
- Credentials (note): The behavior requires KONTO_API_KEY and KONTO_URL (and optionally an analytics-scoped key), which are proportionate to the stated functionality. However, the skill registry did not declare these required env vars or a primary credential — a metadata omission that can mislead users about what secrets are needed.
- Persistence & Privilege (ok): `always` is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills; it only reads a user-held secrets file and runs curl from the included script.
