George
v1.5.3
Automate George online banking (Erste Bank / Sparkasse Austria): login/logout, list accounts, and fetch transactions via Playwright.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (George banking automation) match the included code and README: the script uses Playwright to log in, list accounts, download exports, and manage tokens. Required binaries (python3, playwright) are appropriate and expected for browser automation.
Instruction Scope
SKILL.md and SETUP.md instruct the agent to run the included python script and describe only relevant operations (login, accounts, transactions, uploads). The runtime instructions and code reference only Playwright, the bank URL, a workspace-based state dir, and optional temp dirs — they do not instruct broad file collection or arbitrary network exfiltration. Data-carrier upload has explicit validation and allowlist checks.
Install Mechanism
This is an instruction-only skill with a bundled script; there is no automated installer. The README recommends installing Playwright and Chromium via pip/playwright, which is the standard distribution path. No arbitrary external download URLs or extract-from-unknown-host patterns are present in metadata.
Credentials
The skill requests no environment secrets and only reads standard environment hints (OPENCLAW_WORKSPACE, OPENCLAW_TMP, PWD). It persists session tokens locally in workspace/george/token.json to avoid repeated 2FA prompts — that is expected behavior for a browser-automation banking tool. There are no unrelated credentials requested.
Persistence & Privilege
always:false and no special privileges are requested. The skill persists Playwright profile and token.json under the workspace directory; the README explicitly recommends logout to clear state. The level of persistence is consistent with a session-caching automation tool.
Assessment
This skill appears to do what it claims, but it will store session state and a cached token under the workspace (e.g., workspace/george/token.json). Before installing or running: (1) ensure Playwright/Chromium are installed from official sources; (2) run the skill on a trusted machine or inside a sandbox (Docker) if you're concerned about stored session tokens; (3) call the provided logout after use to clear the Playwright profile; (4) be mindful when using datacarrier-upload — the script allows uploading files from the current working directory or your home directory, so only provide files you intend to upload. If you need extra assurance, review the full script for any network calls you don't expect (the code primarily targets george.sparkasse.at and captures auth headers for local API use).
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏦 Clawdis
Bins: python3, playwright
latest
George Banking Automation
Fetch current account balances, stock portfolio, and transactions for all account types (checking, savings, depots) in JSON format for automatic processing. Uses Playwright to automate George (Erste Bank / Sparkasse Austria).
Entry point: {baseDir}/scripts/george.py
Setup
See SETUP.md for prerequisites and setup instructions.
Commands
python3 {baseDir}/scripts/george.py login
python3 {baseDir}/scripts/george.py logout
python3 {baseDir}/scripts/george.py accounts
python3 {baseDir}/scripts/george.py transactions --account <id|iban> --from YYYY-MM-DD --until YYYY-MM-DD
python3 {baseDir}/scripts/george.py datacarrier-list [--json] [--state OPEN|CLOSED]
python3 {baseDir}/scripts/george.py datacarrier-upload <file> [--type pain.001] [--out <dir>] [--wait-done] [--wait-done-timeout 120]
python3 {baseDir}/scripts/george.py datacarrier-sign <datacarrier_id> [--sign-id <id>] [--out <dir>]
Recommended Flow
login → accounts → transactions → portfolio → logout
login → datacarrier-upload → datacarrier-sign → logout
Always call logout after completing all operations to clear the stored browser session (cookies, local storage, Playwright profile). This minimizes persistent auth state on disk.
Notes
- Session state stored in {workspace}/george/ with restrictive permissions (dirs 700, files 600).
- Ephemeral exports default to /tmp/openclaw/george (override with OPENCLAW_TMP).
