ClawHub

FinTS Banking

v1.0.3

Support for German personal online banking following FinTS banking standard. Out of the box support for many german banks. Uses system keychain to keep crede...

2· 636·1 current·1 all-time
byHagen Hoferichter@h4gen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual requirements and behavior: the skill expects a local CLI (fints-agent-cli) and the SKILL.md instructs using that binary. No unrelated environment variables or unexpected services are requested.
Instruction Scope
Runtime instructions are narrowly focused on using the fints-agent-cli for provider discovery, onboarding, accounts, transactions, and transfers. The playbook includes explicit, deterministic steps and a strict transfer approval flow (dry-run + explicit phrase). It mentions keychain usage only for storing PINs and warns against logging or passing the PIN on the command line.
Install Mechanism
The install spec uses a 'uv' package (package: fints-agent-cli) that creates the fints-agent-cli binary. This is coherent with the skill's purpose, but installing a binary from a package registry carries moderate risk—review the upstream GitHub repo (provided) and the package source before allowing installation.
Credentials
No environment variables or unrelated credentials are requested. The only sensitive interaction is with the system keychain for PIN storage, which is appropriate for a banking CLI. The SKILL.md enforces not passing PINs on the CLI and not logging them.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent elevated privileges or modify other skills. It can execute local CLI commands (expected). Since the platform allows autonomous invocation by default, users should verify agent autonomy settings, but that is not a problem specific to this skill.
Assessment
This skill is internally consistent with its stated purpose: it wraps a local FinTS CLI and provides a cautious playbook for banking operations. Before installing: (1) verify the fints-agent-cli package source (review the linked GitHub repo and the 'uv' package registry entry), (2) only allow installation after confirming you trust that binary, (3) ensure your agent cannot autonomously approve transfers (or that you accept the explicit-phrase approval mechanism in the playbook), and (4) be aware the skill will interact with your system keychain and local config/state files (onboard, reset-local, bootstrap). The static scanner found no code to analyze (instruction-only), so manual review of the upstream binary and repo is the important next step.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cj5yjzfvxxaq4qq25s8933181a5g6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏦 Clawdis
Binsfints-agent-cli

Install

Install fints-agent-cli (uv)
Bins: fints-agent-cli
uv tool install fints-agent-cli

Comments