Revolut Business
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and authenticating this skill can give the agent ongoing access to business account data and authorized Revolut API actions.
The skill needs persistent credentials and OAuth tokens for a business banking account, while the registry metadata says there is no primary credential or required env var. That under-declares the privilege boundary a user is granting.
Stored in `~/.clawdbot/revolut/`:
- `private.pem` — RSA private key (for JWT signing)
- `tokens.json` — OAuth tokens (auto-managed)
...
Environment variables (in `.env`):
- `REVOLUT_CLIENT_ID`
Declare the required credentials/env vars in metadata, document the exact API scopes/permissions requested, and advise users to use the least-privileged Revolut certificate and protect the token directory.
If invoked incorrectly or too broadly, the agent could initiate payments, exchange funds, or transfer money between business accounts.
The skill exposes money-moving and currency-exchange operations, including a documented no-confirm payment path, without clear artifact-level rules requiring explicit user approval for every high-impact transaction.
```shell
# Send payment (with confirmation prompt)
python3 {baseDir}/scripts/revolut.py pay ...

# Skip confirmation
python3 {baseDir}/scripts/revolut.py pay ... -y
...
python3 {baseDir}/scripts/revolut.py exchange --amount 100 --sell EUR --buy USD
...
python3 {baseDir}/scripts/revolut.py transfer --from-account <ID> --to-account <ID> --amount 100
```

Require explicit per-transaction user approval, discourage or disable `--yes` for agent use, and document confirmation behavior for FX and internal transfers.
During setup, a crafted or copied value could run arbitrary shell commands on the user's machine.
Interactive values such as certificate common name, organization, and country are interpolated into a shell command executed with shell=True. Shell metacharacters in those fields could execute unintended local commands.
```python
import subprocess

def run(cmd):
    # cmd is a single string handed to the shell, so any metacharacters in
    # values interpolated into it are interpreted by the shell
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)

...
# cn, org and country come from interactive prompts and are interpolated unescaped
r = run(f'openssl req -new -x509 -key "{PRIVATE_KEY}" -out "{CERTIFICATE}" '
        f'-days 730 -subj "/CN={cn}/O={org}/C={country}"')
```

Use subprocess.run with an argument list and shell=False, validate certificate fields, and avoid placing user input inside shell command strings.
