Bank Statement Converter
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for converting bank statements, but it requires trusting an external API with sensitive financial PDFs, PDF passwords, and an API key.
Before installing, decide whether you trust bankstatementconverter.com with your financial statements and any PDF passwords. Protect the API key like a password, and only run the upload commands on files you intentionally want to process through that external service.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the documented commands with this key can act against the bank statement converter account, including viewing user/credit information and consuming conversion credits.
The skill expects a provider API key even though registry metadata lists no required environment variables or primary credential; this is purpose-aligned but should be visible to users.
### Requirements BANKSTATEMENT_API_KEY ... export BANKSTATEMENT_API_KEY="your-api-key-here"
Only set the API key if you trust the provider, keep it secret, and revoke or rotate it if it is exposed or no longer needed.
Sensitive financial documents and document passwords will be transmitted to the external service as part of normal use.
The skill sends bank statement PDFs, and potentially PDF passwords, to an external API endpoint for processing.
-F "file=@/path/to/your/bankstatement.pdf" \ https://api2.bankstatementconverter.com/api/v1/BankStatement ... "password": "yourpdfpassword" ... /setPassword
Use this only for documents you are comfortable sending to that provider, review the provider’s privacy and retention terms, and avoid uploading unrelated sensitive files.