Bank Statement Converter
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: bank-statement-converter Version: 1.0.1 The skill bundle is designed to convert PDF bank statements to CSV/JSON by interacting with the `bankstatementconverter.com` API. All `curl` commands in `SKILL.md` are directed to this specific domain and use the provided `BANKSTATEMENT_API_KEY` for authorization. While the skill handles highly sensitive data (bank statements and potentially PDF passwords), this is explicitly stated as its core functionality. There is no evidence of data exfiltration to unauthorized third parties, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts designed to make the agent perform actions beyond the stated purpose. The skill's behavior is transparent and aligned with its description.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the documented commands with this key can act against the bank statement converter account, including viewing user/credit information and consuming conversion credits.
The skill expects a provider API key even though registry metadata lists no required environment variables or primary credential; this is purpose-aligned but should be visible to users.
### Requirements BANKSTATEMENT_API_KEY ... export BANKSTATEMENT_API_KEY="your-api-key-here"
Only set the API key if you trust the provider, keep it secret, and revoke or rotate it if it is exposed or no longer needed.
Sensitive financial documents and document passwords will be transmitted to the external service as part of normal use.
The skill sends bank statement PDFs, and potentially PDF passwords, to an external API endpoint for processing.
-F "file=@/path/to/your/bankstatement.pdf" \ https://api2.bankstatementconverter.com/api/v1/BankStatement ... "password": "yourpdfpassword" ... /setPassword
Use this only for documents you are comfortable sending to that provider, review the provider’s privacy and retention terms, and avoid uploading unrelated sensitive files.