v1.4.4

raiffeisen-elba

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:38 AM.

Analysis

This banking skill is mostly coherent, but it needs review because it stores bank login credentials, extracts/caches session tokens, and includes bulk bank-document download code beyond the main advertised commands.

Guidance

Review this skill carefully before installing. It is designed for sensitive online-banking automation, so only use it if you trust the code, understand that your ELBA PIN and session token are handled locally, and are comfortable with the included document-download capability. Run logout after every use and keep the workspace private.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/download_documents.py
"Download all collected documents via API" ... print(f"[main] Starting download of {len(documents)} documents...") ... result = download_document(doc, token, cookies, output_dir)

The included code can bulk-download banking documents, while the main skill description and SKILL.md commands focus on login, accounts, transactions, portfolio, and logout. This broadens sensitive bank-data access beyond the advertised workflow.

User impact: A user expecting account and transaction retrieval may also be exposed to automation that downloads bank statements or other documents if invoked.

Recommendation: The skill should clearly document the document-download behavior, require explicit user confirmation and a date/document scope, or remove these helper scripts from the packaged skill.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SETUP.md
Note that no passwords are stored... Create `<WORKSPACE_ROOT>/raiffeisen-elba/config.json`: { "elba_id": "YOUR_ELBA_ID", "pin": "YOUR_PIN" }

The setup disclaimer downplays credential storage, but the same document instructs the user to store the banking PIN in a local file. That contradiction can lead users to underestimate the sensitivity of the configuration.

User impact: You may believe the skill stores no password-like secret even though it stores a banking PIN in a local file.

Recommendation: Treat the PIN as a sensitive credential. The documentation should replace the 'no passwords are stored' wording with a clear statement that the ELBA PIN is stored locally and protected by file permissions.

Rogue Agents
Severity: Medium | Confidence: High | Status: Note
SETUP.md
Session persistence — Browser profile persists between commands (until `logout`)

The persistence is disclosed and purpose-aligned for avoiding repeated logins, but it means the authenticated browser state can remain available to later commands if logout is not run.

User impact: A later invocation may reuse an existing banking session without a new login flow if the session remains valid.

Recommendation: Run logout after use and avoid leaving an authenticated session in the workspace.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SETUP.md
pip3 install requests playwright ... python3 -m playwright install chromium

The dependency installation is manual and expected for Playwright automation, but versions are not pinned. For banking automation, dependency provenance deserves extra attention.

User impact: Dependency changes could affect a highly sensitive banking workflow.

Recommendation: Prefer pinned dependency versions and install from trusted package indexes in an isolated environment.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
You must create a `config.json` file containing your ELBA user ID and 5-digit PIN... the skill extracts the Bearer token... stored in a local cache file

This is direct handling of banking credentials and an authenticated session token. Even though the behavior is disclosed and aligned with the banking purpose, it grants high-impact account access and should be explicitly reviewed before installation.

User impact: After you approve 2FA, the skill can use your banking session to retrieve sensitive financial data until the token expires or you log out.

Recommendation: Install only if you are comfortable giving this code access to your banking session. Keep config.json private, review the code, use a private workspace, and run logout immediately after use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SECURITY.md
| Bearer Token | `.pw-profile/token.json` | `0600` | Ephemeral (minutes); deleted on `logout` |
| ... |
| Browser Session | `.pw-profile/` | `0700` | Ephemeral; deleted on `logout` |

Authenticated session state is intentionally persisted locally for reuse across commands. The files are permission-hardened and cleanup is documented, but this is still sensitive state.

User impact: If the workspace or profile directory is exposed, leftover banking session data may be accessible until it expires or is deleted.

Recommendation: Use this only on a trusted machine, verify file permissions, and delete `.pw-profile/` or run logout after every session.