Bankr

Warn

Audited by ClawScan on May 10, 2026.

Overview

Bankr is clearly a crypto/LLM gateway skill, but it asks for authority to make real financial transactions, submit raw blockchain calls, and run persistent trading automations.

Install only if you intend to let Bankr help with crypto and/or LLM gateway setup. Prefer read-only mode for research and portfolio checks. If you enable read-write trading, use a limited wallet, keep small balances, confirm every transaction manually, avoid raw calldata unless you can verify it, and review or cancel automations regularly.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a read-write key is used, mistaken or overly broad agent prompts could move funds, place bets, open leverage positions, or create orders with real financial consequences.

Why it was flagged

A read-write Bankr key gives the agent authority to perform real wallet and market actions, not just read balances or prices.

Skill content

"Read-write" (`--read-write`) — enables swaps, transfers, orders, token launches, leverage, Polymarket bets

Recommendation

Use read-only access unless you explicitly need trading; if enabling read-write, use a small funded wallet, set narrow operating rules, review every action, and revoke or rotate keys when done.

What this means

A bad address, malicious calldata, or misunderstood transaction can permanently transfer assets, grant approvals, or interact with a harmful contract.

Why it was flagged

Raw calldata submission is an escape-hatch capability that can call arbitrary smart-contract functions, which is much riskier than scoped trading commands.

Skill content

Submit raw EVM transactions with explicit calldata to any supported chain... Custom contract interactions - Call any function on any contract

Recommendation

Do not submit raw transactions unless you understand the calldata and trust its source; require explicit human review of the target address, calldata, chain, value, and expected effect.

What this means

Automations can continue trading, buying, selling, or checking positions after the initial setup, and a poorly specified rule could repeatedly cause losses or unwanted activity.

Why it was flagged

The skill supports persistent autonomous actions, including scheduled commands and recurring trading strategies.

Skill content

Set up automated orders and scheduled trading strategies... Scheduled Commands Run any Bankr command on a schedule.

Recommendation

Only create automations with clear amounts, assets, time limits, stop conditions, and review dates; regularly list and cancel automations you no longer need.

What this means

You are trusting the external Bankr CLI package and its updates to handle API keys and transactions correctly.

Why it was flagged

The skill depends on a globally installed external CLI package, but no reviewed code or pinned install specification is included in the artifacts.

Skill content

bun install -g @bankr/cli... npm install -g @bankr/cli

Recommendation

Install only from the official package source, verify the package name and publisher, and consider pinning a known version in managed environments.

What this means

Future model prompts, code, files, or conversation content sent to the configured model may pass through Bankr's gateway and downstream model providers.

Why it was flagged

Using the LLM gateway routes model prompts and responses through Bankr's gateway and may configure OpenClaw to use it as a provider.

Skill content

The Bankr LLM Gateway is a unified API for Claude, Gemini, GPT, and other models... When the base URL override is enabled, all model requests go through the gateway.

Recommendation

Use the LLM gateway only if you are comfortable with that routing; avoid sending secrets, and review OpenClaw configuration changes before making Bankr the default provider.