Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SimpleFIN Bank Connection
v1.0.2Connects to bank accounts and fetches financial transactions via the SimpleFIN API. Use when the user wants to check bank balances, review recent transaction...
⭐ 0· 74·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description align with the script and docs: the skill claims to use the SimpleFIN Bridge flow and the included Node.js script implements that flow (claim token, call /accounts, list transactions). Minor mismatch: SKILL.md references checking an environment variable (SIMPLEFIN_ACCESS_URL in openclaw.json) and a workspace file (memory/simplefin_url.txt), but the package metadata declares no required env vars — this is an undocumented expectation rather than a fatal inconsistency.
Instruction Scope
Runtime instructions tell the agent to prompt for a Setup Token, run the provided Node.js script to exchange it for an Access URL, and save that URL to memory/simplefin_url.txt. That means the agent will collect and persist sensitive credentials. The SKILL.md also references env/config locations that are not declared. The script executes shell curl commands via child_process.execSync with interpolated strings (claim URL and access URL-derived requests), which risks command injection if inputs are not strictly trusted/validated.
Install Mechanism
There is no install spec (instruction-only style) and a single included script file. That minimizes install-time risk, but the runtime behavior (shelling out to curl from Node via execSync) is a code-level risk and should be audited before use.
Credentials
The skill requires no external credentials in its metadata, which is proportionate. However, the workflow produces and requires storing an Access URL containing HTTP basic-auth credentials (username:password in the URL). The skill advises saving that Access URL in plaintext at memory/simplefin_url.txt — this is sensitive and not addressed in the declared requirements or guidance for secure storage.
Persistence & Privilege
always:false and no OS restrictions — the skill does not demand permanent forced presence. It instructs saving the Access URL to the workspace (memory/simplefin_url.txt), which is normal for credentials caching but should be considered sensitive. The skill does not modify other skills or global agent config per the provided files.
What to consider before installing
This skill appears to do what it claims, but take these precautions before installing: (1) Only use it if you trust bridge.simplefin.org and the Setup Token source. (2) Inspect and/or run the included script in a sandbox: it uses execSync to call curl with unescaped input (possible command injection) — prefer replacing shell calls with Node's https/http or a vetted HTTP library. (3) Don’t store the returned Access URL in an insecure plaintext file on shared systems; treat it as a secret (use secure storage or secrets manager). (4) Note SKILL.md mentions an env variable (SIMPLEFIN_ACCESS_URL) that isn't declared — if you rely on that, ensure it's set securely. (5) If you lack confidence in the script, ask the developer for a version that avoids shell execution and documents secure storage/rotation of the Access URL. If you decide to proceed, limit the skill's use to explicit, user-invoked actions and avoid granting it any broader unattended access to sensitive data.scripts/simplefin_api.js:26
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk972648qd1skgmyc1dmp7c7x8183fc3n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.