Back to skill

Security audit

openfin-enable-banking

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims for open banking, but it needs review because it handles live bank authorization and stored financial records with weak containment and warnings.

Install only if you deliberately want an agent to access Enable Banking account data. Before real use, restrict the callback server to localhost or a trusted HTTPS reverse proxy, avoid HTTP mode, do not send authorization links over casual channels without verified recipient control, pin reviewed dependency versions, and protect or periodically delete config.json, private keys, mandanten, pending_callbacks, and data outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The documentation tells the agent to send a banking authorization URL via WhatsApp or email, which extends the skill into outbound messaging of highly sensitive authentication material. In the PSD2 banking context, this is especially risky because authorization links may be intercepted, misdirected, or sent to the wrong recipient, enabling account-linking abuse or disclosure of sensitive banking workflow metadata.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documentation does not clearly warn that it processes extremely sensitive banking data, app credentials, private keys, IBANs, balances, and transaction history. In a financial automation skill, the absence of prominent handling, storage, and disclosure warnings materially increases the risk of unsafe deployment, accidental logging, insecure sharing, and improper operator assumptions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference explicitly describes production use with real client bank data and linked accounts, but it does not include any privacy, data-handling, retention, or consent warning. In a banking/tax-automation skill, that omission can lead operators or downstream agents to collect and process highly sensitive financial data without adequate safeguards, increasing the risk of privacy violations, over-collection, or insecure logging.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.