George
v1.5.3Automate George online banking (Erste Bank / Sparkasse Austria): login/logout, list accounts, and fetch transactions via Playwright.
⭐ 1· 2.7k·2 current·2 all-time
byOliver Drobnik@odrobnik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (George banking automation) match the included code and README: the script uses Playwright to log in, list accounts, download exports, and manage tokens. Required binaries (python3, playwright) are appropriate and expected for browser automation.
Instruction Scope
SKILL.md and SETUP.md instruct the agent to run the included python script and describe only relevant operations (login, accounts, transactions, uploads). The runtime instructions and code reference only Playwright, the bank URL, a workspace-based state dir, and optional temp dirs — they do not instruct broad file collection or arbitrary network exfiltration. Data-carrier upload has explicit validation and allowlist checks.
Install Mechanism
This is an instruction-only skill with a bundled script; there is no automated installer. The README recommends installing Playwright and Chromium via pip/playwright, which is the standard distribution path. No arbitrary external download URLs or extract-from-unknown-host patterns are present in metadata.
Credentials
The skill requests no environment secrets and only reads standard environment hints (OPENCLAW_WORKSPACE, OPENCLAW_TMP, PWD). It persists session tokens locally in workspace/george/token.json to avoid repeated 2FA prompts — that is expected behavior for a browser-automation banking tool. There are no unrelated credentials requested.
Persistence & Privilege
always:false and no special privileges are requested. The skill persists Playwright profile and token.json under the workspace directory; the README explicitly recommends logout to clear state. The level of persistence is consistent with a session-caching automation tool.
Assessment
This skill appears to do what it claims, but it will store session state and a cached token under the workspace (e.g., workspace/george/token.json). Before installing or running: (1) ensure Playwright/Chromium are installed from official sources; (2) run the skill on a trusted machine or inside a sandbox (Docker) if you're concerned about stored session tokens; (3) call the provided logout after use to clear the Playwright profile; (4) be mindful when using datacarrier-upload — the script allows uploading files from the current working directory or your home directory, so only provide files you intend to upload. If you need extra assurance, review the full script for any network calls you don't expect (the code primarily targets george.sparkasse.at and captures auth headers for local API use).Like a lobster shell, security has layers — review code before you run it.
latestvk971cvd9vdyyxr2sx3q8pnm8c18279ee
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🏦 Clawdis
Binspython3, playwright