Moon Banking
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only API skill that uses a declared Moon Banking API key and curl/jq to query the Moon Banking service, with no artifact evidence of hidden or mismatched behavior.
Before installing, confirm you trust Moon Banking and are willing to let the agent use your MOON_BANKING_API_KEY to make API requests. The artifacts do not show hidden code, persistence, credential theft, or behavior outside the stated API-query purpose.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may call Moon Banking API endpoints using curl when responding to relevant user requests.
The skill directs the agent to run shell-based curl commands. This is central to the API-query purpose, but users should understand that installing it enables command-based authenticated API calls.
Use `exec` with `curl -s` (silent mode) and pipe to `jq` for clean, readable JSON output.
Only use this skill if you are comfortable with the agent making Moon Banking API requests through curl, and review requests that could consume quota or retrieve account-specific provider data.
The agent can use the configured Moon Banking API key to authenticate requests to the provider service.
The skill requires a sensitive provider API key. The credential is clearly declared and purpose-aligned with authenticated Moon Banking API access.
credentials:\n primary:\n key: MOON_BANKING_API_KEY\n description: API key for authenticating requests to https://api.moonbanking.com/v1 ...\n sensitive: true
Use a dedicated API key with the minimum plan/scope needed, keep it secret, and rotate it if you suspect exposure.