Moon Banking
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: moonbanking Version: 1.1.0 The skill is designed to interact with the Moon Banking API, requiring an API key and using standard `curl` and `jq` commands. All API calls are directed to a single, well-defined external domain (api.moonbanking.com). There is no evidence of data exfiltration, malicious execution, persistence, or other harmful behaviors. The prompt injection instructions in `SKILL.md` are benign, aiming to improve the agent's output quality rather than subverting its actions for malicious purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may call Moon Banking API endpoints using curl when responding to relevant user requests.
The skill directs the agent to run shell-based curl commands. This is central to the API-query purpose, but users should understand that installing it enables command-based authenticated API calls.
Use `exec` with `curl -s` (silent mode) and pipe to `jq` for clean, readable JSON output.
Only use this skill if you are comfortable with the agent making Moon Banking API requests through curl, and review requests that could consume quota or retrieve account-specific provider data.
The agent can use the configured Moon Banking API key to authenticate requests to the provider service.
The skill requires a sensitive provider API key. The credential is clearly declared and purpose-aligned with authenticated Moon Banking API access.
credentials:\n primary:\n key: MOON_BANKING_API_KEY\n description: API key for authenticating requests to https://api.moonbanking.com/v1 ...\n sensitive: true
Use a dedicated API key with the minimum plan/scope needed, keep it secret, and rotate it if you suspect exposure.