FinTS Banking

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent banking integration that can access bank accounts and make transfers, but it clearly discloses that risk and requires explicit user approval before real payments.

Install only if you intend to let an agent help with German FinTS banking. Review the fints-agent-cli source/package first, use the keychain rather than CLI PIN arguments, avoid debug logs unless necessary, and never type APPROVE TRANSFER until you have checked the dry-run transfer details yourself.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used incorrectly, the agent could help submit a real bank transfer; the provided workflow is designed to prevent accidental or indirect transfers.

Why it was flagged

The skill can initiate real bank transfers, which is high-impact tool use, but the artifact also mandates dry-run review and explicit final approval.

Skill content

Treat this skill as high-risk because it can initiate financial transfers. ... Require explicit final user confirmation using the exact phrase: `APPROVE TRANSFER`.

Recommendation

Only approve transfers after reviewing the dry-run details, IBANs, recipient, amount, and reason; treat async transfer-submit as a real transfer requiring the same approval.

What this means

The CLI may access account balances, transaction history, and stored banking credentials.

Why it was flagged

The skill uses bank login/PIN material and can access financial account data, which is expected for the stated purpose but sensitive.

Skill content

`keychain-setup`: store PIN in keychain. ... `accounts`: list accounts and balances. ... `transactions`: fetch transactions.

Recommendation

Use only with accounts you intend to manage, keep PIN entry in the system keychain, avoid sharing command output, and remove/reset local banking state if no longer needed.

What this means

Trust in this skill depends on the external fints-agent-cli package and its install source.

Why it was flagged

The executable banking behavior comes from an external package that is not included in the provided skill artifacts for code review.

Skill content

uv | package: fints-agent-cli | creates binaries: fints-agent-cli

Recommendation

Review the linked repository/package before installing, prefer pinned versions, and do not allow silent installation in a banking environment.