v1.3.2

Revolut

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:38 AM.

Analysis

This appears to be a coherent Revolut automation skill, but it handles banking login/session data and may store a PIN locally, so it should be reviewed before installation.

Guidance: Only install this if you are comfortable letting an agent access Revolut balances, transactions, and portfolio data. Keep `{workspace}/revolut/config.json` private, avoid saving the app PIN unless required, run logout after each session, and remove temporary QR/session files on shared systems.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SETUP.md
pip install playwright
playwright install chromium

The setup relies on installing Playwright and Chromium from external package sources. This is expected for a Playwright-based automation skill, but users should install from trusted sources.

User impact: The security of the local setup depends on the package source and browser installer used.
Recommendation: Install dependencies in a trusted environment, consider pinning versions, and avoid running the setup with unnecessary elevated privileges.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SETUP.md
Create `{workspace}/revolut/config.json`: ... `"sylvia": { "pin": "123456" }` ... `pin`: optional 6-digit app pin for auto-entry.

The skill can store and use a Revolut app PIN from local config. That is high-impact banking credential handling, especially because the registry metadata says there is no primary credential or required config path.

User impact: If configured, the agent may be able to reuse banking authentication context and access Revolut account, transaction, and portfolio data for the selected user.
Recommendation: Treat the config file and workspace as sensitive, avoid storing the PIN unless necessary, and ensure the skill metadata/config documentation clearly declares this credential handling.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
scripts/revolut.py
context.add_cookies(cookies) ... window.localStorage.setItem(k, v) ... launch_persistent_context(user_data_dir=str(profile_dir))

The code restores cookies and localStorage into a persistent Playwright browser profile, which can preserve a logged-in Revolut session across runs.

User impact: A remaining browser session could let future agent runs access financial data until the session is logged out or removed.
Recommendation: Run the documented logout command after use, restrict access to the workspace, and remove stored profiles/session files if the skill is no longer needed.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SETUP.md
The QR code image is saved to `/tmp/openclaw/revolut/revolut_qr.png` and output as `QR_IMAGE:<path>` for the agent to send.

The Revolut login QR/approval artifact is handed from the script to the agent for display or sending; it is purpose-aligned, but it is sensitive authentication material.

User impact: If the QR image or approval link is shown to the wrong party or left accessible on a shared system, it could expose part of the login flow.
Recommendation: Ensure the QR is only shown to the intended account owner, and clean up temporary files after login on shared machines.