Tulebank
Warn
Audited by ClawScan on May 10, 2026.
Overview
TuleBank is a disclosed money-transfer skill, but it relies on an unreviewed external CLI/proxy and handles sensitive financial account flows with unclear boundaries.
Install only if you trust the `tulebank` binary and its proxy operator. Before using it, verify where credentials and beneficiary data are stored, confirm every financial action yourself, and avoid providing OTPs or funding wallets unless the provider and installation source are known and trusted.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You would be trusting an unknown local executable and its backend proxy to handle wallet setup, account data, and money movement.
The skill's financial operations depend on an external `tulebank` executable, but the reviewed artifacts provide no source, installation provenance, or code to inspect.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... No code files present ... Required binaries: tulebank
Only use this if you obtained the `tulebank` binary from a trusted, verified source. The publisher should provide source/provenance, pinned installation instructions, and documentation for the proxy.
A mistaken or overly proactive agent action could create financial sessions, alter beneficiary/account state, or swap assets before you intended it.
The skill exposes CLI commands that can move or transform funds. It clearly requires confirmation for `send`, but the visible rules do not clearly require the same explicit approval before every swap, on-ramp creation, or beneficiary/account mutation.
ALWAYS confirm ... before executing `tulebank send` ... Use `tulebank swap` ... Use `tulebank onramp quote/create/status` ... After every send, swap, or on-ramp create, call `tulebank history`
Require explicit user confirmation for every money-moving or account-changing action, including swaps, on-ramp creation, beneficiary creation, and use of any prompt-skipping option.
Installing and using this skill may give the CLI/proxy access to your financial identity, wallet authority, and session credentials.
The skill involves delegated wallet setup, local API-key storage, and OTP-based account validation for a financial service, but the artifacts do not bound the credential scope, storage path, or control model.
Creates a CDP smart wallet on Base via the proxy (no local credentials needed). ... generates a per-user API key, and saves it to config ... ask the human for the 6-digit code
Verify how wallet control, API keys, OTPs, and account access are protected before use. Do not provide OTPs or fund a wallet unless you trust the CLI and proxy operator.
Sensitive signup, wallet, beneficiary, and transaction data may pass through a proxy whose trust boundary is not documented in the reviewed artifacts.
The financial workflow depends on a proxy/gateway that handles provider credentials, but the artifact does not identify the proxy endpoint, operator, permission boundary, or data-handling guarantees.
`tulebank` CLI, which talks to a proxy that handles Ripio Ramps API credentials
Use only with a proxy/operator you trust. The publisher should document the proxy identity, data flows, retention, and security controls.
Beneficiary names, CUITs, bank details, and aliases may remain on the device and be reused in later tasks.
Beneficiary management appears purpose-aligned, but the skill stores sensitive beneficiary identity and bank metadata locally without specifying the storage location or retention behavior.
Creates a fiat account via the proxy ... then saves locally ... metadata includes name, CUIT, and bank
Review where the CLI stores beneficiary data, restrict access to that device/config, and delete stored records when no longer needed.
