openfinance
Analysis
This is a disclosed bank-data connector, but it gives an AI agent API-key access to sensitive balances and transaction history, so it should be reviewed carefully before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Run a SQL SELECT against the `txns` CTE for aggregations, grouping, and analysis. The query runs read-only with a 5-second timeout and 1000-row limit.
The skill exposes a flexible SQL query endpoint over transaction data. The documented read-only, timeout, and row-limit controls reduce risk, but broad queries could still reveal more financial history than needed.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
OPENFINANCE_API_KEY ... API key from openfinance.sh ... required: true ... Fetch all connected financial accounts with balances and institution info.
The skill requires a bearer API key for a service linked to bank accounts and documents calls that return all connected account balances. That is high-impact financial-account access even though it matches the stated purpose.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
BASE_URL="${OPENFINANCE_URL:-https://api.openfinance.sh}" ... AUTH_HEADER="Authorization: Bearer $OPENFINANCE_API_KEY"Requests send the bearer token and financial queries to an external API endpoint, and the optional base URL can change that endpoint. This is expected for the integration but expands the trust boundary.