raiffeisen-elba
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly transparent about banking automation, but it handles bank credentials/session tokens and includes an under-documented bulk bank-document download helper, so it needs careful review before use.
Treat this as a high-sensitivity banking automation skill, not a general utility. Audit the code before using real credentials, consider removing the document-download helpers if you do not need them, keep config.json private, approve only expected pushTAN prompts, and always run logout when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting account balances and transactions may not realize the skill also includes code capable of retrieving many bank documents or statements using the same login session.
The included executable helper can use the authenticated banking session to bulk download bank documents. The main SKILL.md command list covers login, accounts, transactions, portfolio, and logout, so document download is a sensitive capability that is not clearly disclosed in the primary usage instructions.
Evidence from the helper script:
Download all collected documents via API ...
print(f"\n[main] Starting download of {len(documents)} documents...")
Recommendation: Document this capability prominently in SKILL.md, require explicit user confirmation and a date/account scope for document downloads, or remove the helper scripts if they are not intended to be part of the skill.
After you approve 2FA, the automation can reuse the authenticated session token to retrieve bank data without asking for the PIN again for each operation.
The skill intentionally uses browser automation to capture a bank bearer token for internal API calls. This is disclosed and purpose-aligned, but it is a powerful session-handling pattern.
Fallback: If not found in storage, the skill uses Playwright's page.route() to observe outgoing API requests within the same browser context and capture the Authorization: Bearer ... header.
Run it only in a trusted local environment, approve pushTAN only for actions you initiated, and avoid using real credentials unless you are comfortable with this token-handling approach.
If logout is not run, local browser cookies/session state and a cached token may remain on disk and could allow later access to bank data from the same environment.
Sensitive session material is persisted locally between commands. The artifacts describe restrictive permissions and logout cleanup, but the data remains available until cleanup occurs.
Evidence from the skill's storage table (artifact, path, permissions, lifetime):
Bearer Token    | .pw-profile/token.json | 0600 | Ephemeral (minutes); deleted on logout
...
Browser Session | .pw-profile/           | 0700 | Ephemeral; deleted on logout
Always run the logout command after use, keep the workspace private, and consider deleting .pw-profile manually if any command fails before logout.
You will install current versions of third-party packages and a browser runtime, which can change over time.
The setup uses user-run package and browser installation commands without pinned versions or a lockfile. This is normal for a Playwright-based skill, but it depends on external package provenance at install time.
Install commands from the setup instructions:
pip3 install requests playwright
...
python3 -m playwright install chromium
Use a virtual environment, pin known-good package versions where possible, and install from trusted package indexes.
