Banking
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: banking Version: 1.0.0 The OpenClaw Banking skill bundle is benign. All files, including the SKILL.md and other markdown instructions, consistently emphasize security, compliance, and conservative operational guidance. SKILL.md explicitly states that the skill does not make network calls, access bank portals, execute fund transfers automatically, or modify files outside `~/banking/`. Furthermore, it instructs the AI agent to refuse requests that circumvent approvals, customer consent, or regulatory safeguards, and to escalate high-risk situations. There is no evidence of prompt injection, data exfiltration, malicious execution, or persistence mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user applies the guidance directly in real banking operations, mistakes could affect payments or account handling.
The skill provides guidance for payment workflows, which can affect funds if followed operationally. The same artifact requires authority checks and approvals, making this purpose-aligned but still worth user attention.
Before any transfer flow: ... Confirm sender authority and account status. ... Verify required approvals were completed.
Use this as a structured checklist only; keep actual fund movement, freezes, holds, and approvals inside official bank systems and human-controlled procedures.
Local memory could expose sensitive operational context to anyone with access to those files, and stale or incorrect notes could influence later banking guidance.
The skill stores persistent local banking context, including incident notes and payment controls, for reuse across sessions. It also limits storage to local notes and warns not to store full account numbers or authentication data.
Memory lives in `~/banking/`... incidents.md ... payment-controls.md ... communication-notes.md
Keep the `~/banking/` notes minimal, avoid account numbers, credentials, and personal identifiers, and periodically review or delete outdated incident and control information.