Bank of Bots
Warn
Audited by ClawScan on May 18, 2026.
Overview
This financial trust/payment skill can use API credentials to send or record transactions, but its credential needs and money-moving actions are not clearly declared or bounded by visible approval controls.
Use this only if you trust Bank of Bots and intentionally want your agent connected to financial rails. Before any send, transfer, payment, wallet funding, or budget change, require explicit confirmation of the amount, destination, rail, fees, and purpose. Store API keys securely, verify the bob CLI source, and understand that transaction proofs may become part of a persistent reputation score.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has valid credentials, it could complete money-moving actions without a clearly documented review step.
The artifact documents a single command that both quotes and executes a payment; it does not add a separate approval step before funds move.
### One-shot send (auto-quote + execute) ... `bob send <agent-id> <destination> --amount <n> [--currency BTC]` ... `Quotes then executes in one step.`
Require explicit user confirmation before any send, transfer, payment creation, wallet funding, or budget change, including amount, destination, rail, fees, and reversibility.
The user's Bank of Bots identity and financial authority may be available to the agent without platform-level credential disclosure.
The skill requires delegated API credentials for all API calls, while the registry metadata declares no required env vars or primary credential. Those credentials can authorize the wallet and payment actions described in the same artifact.
Once connected, you need these credentials for all API calls:
- `BOB_API_KEY` — your agent API key
- `BOB_AGENT_ID` — your agent ID
Declare the credential requirements and scopes clearly, use least-privilege keys, and separate read-only trust-score operations from payment-execution permissions.
Submitted transaction or payment-proof details may become part of a persistent trust score used by third parties.
The skill intentionally creates persistent reputation/payment-proof data that may be reused by other agents or services. This is purpose-aligned, but it involves sensitive financial context and external reuse.
Log transactions and submit payment proofs to build a verifiable BOB Score ... that other agents and services can check
Submit only intended proofs, understand what data is retained or shared, and avoid logging private transaction details unless necessary.
Using an unverified local CLI could expose credentials or execute unintended financial commands.
The artifacts do not include an install spec, pinned package, or source provenance for the optional local CLI. This is not malicious by itself, but users must trust whatever `bob` binary they install or already have.
You can use the `bob` CLI (optional) or call the REST API directly.
Install the CLI only from the official Bank of Bots source, verify its provenance, and avoid using unknown local binaries.
The agent might over-trust suggested follow-up commands and continue a financial workflow further than the user intended.
Provider or CLI output can suggest subsequent commands. The artifact does not say to execute them automatically, but in a financial workflow these suggestions should not override the user's intent.
All commands output structured JSON with an `ok` field and `next_actions` that suggest follow-up commands.
Treat `next_actions` as advisory only, and ask the user before running any follow-up that changes balances, payments, policies, or credentials.
