Skill v1.0.3

ClawScan security

FinTS Banking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 5:54 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, install step, and runtime instructions align with its stated purpose (a FinTS CLI wrapper) and include explicit safety checks for transfers.
Guidance
This skill is internally consistent with its stated purpose: it wraps a local FinTS CLI and provides a cautious playbook for banking operations. Before installing: (1) verify the fints-agent-cli package source (review the linked GitHub repo and the 'uv' package registry entry), (2) only allow installation after confirming you trust that binary, (3) ensure your agent cannot autonomously approve transfers (or that you accept the explicit-phrase approval mechanism in the playbook), and (4) be aware the skill will interact with your system keychain and local config/state files (onboard, reset-local, bootstrap). The static scanner found no code to analyze (instruction-only), so manual review of the upstream binary and repo is the important next step.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the actual requirements and behavior: the skill expects a local CLI (fints-agent-cli) and the SKILL.md instructs using that binary. No unrelated environment variables or unexpected services are requested.
Instruction Scope
Status: ok
Runtime instructions are narrowly focused on using the fints-agent-cli for provider discovery, onboarding, accounts, transactions, and transfers. The playbook includes explicit, deterministic steps and a strict transfer approval flow (dry-run + explicit phrase). It mentions keychain usage only for storing PINs and warns against logging or passing the PIN on the command line.
Install Mechanism
Status: note
The install spec uses a 'uv' package (package: fints-agent-cli) that creates the fints-agent-cli binary. This is coherent with the skill's purpose, but installing a binary from a package registry carries moderate risk; review the upstream GitHub repo (provided) and the package source before allowing installation.
Credentials
Status: ok
No environment variables or unrelated credentials are requested. The only sensitive interaction is with the system keychain for PIN storage, which is appropriate for a banking CLI. The SKILL.md enforces not passing PINs on the CLI and not logging them.
Persistence & Privilege
Status: ok
The skill is user-invocable, not always-enabled, and does not request persistent elevated privileges or modify other skills. It can execute local CLI commands (expected). Since the platform allows autonomous invocation by default, users should verify agent autonomy settings, but that is not a problem specific to this skill.