Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Banking Agent OS
v1.0.0
AI-powered banking system for intelligent agents with account management, transaction processing, and risk control
by Justin Liu (@zhenstaff)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The described purpose (banking backend + AI services) is coherent with the requested artifacts in SKILL.md (OpenAI API key, DATABASE_URL, pip/npm packages). However the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly requires OPENAI_API_KEY and a DATABASE_URL—this inconsistency needs clarification. Also the skill is instruction-only (no code included) yet describes installing/running a backend from external packages.
Instruction Scope
Runtime instructions stay within the stated banking scope (create .env, install packages, start uvicorn, use API endpoints). They instruct the user to install external packages (pip/npm) and run a web server that will handle sensitive data; that is expected for a backend but means the skill delegates execution to external code not bundled in the skill.
Install Mechanism
There is no install spec in the skill bundle (lowest-risk), but the documentation directs users to pip/npm install packages and to run a FastAPI server. Because the skill package does not include code, the actual code will come from external package repositories—verify the exact PyPI/npm packages and GitHub repo before running. The skill claims a PyPI package and an npm package; their existence and provenance are not verified here.
Credentials
SKILL.md requires an OPENAI_API_KEY and a DATABASE_URL (sensible for AI features and persistence). Registry metadata, however, declares no required env vars or primary credential—this mismatch is a red flag. Requesting an OpenAI API key is proportionate to the described AI features, but users must be explicit about where and how keys are stored and used.
Persistence & Privilege
The skill does not request persistent/privileged platform features (always:false, no required config paths). As an instruction-only skill it does not install files itself; however following its instructions will create a long-running server if the user chooses to install external packages.
What to consider before installing
This package is instruction-only and does not include the backend code—it tells you to pip/npm install and run a FastAPI server that will handle sensitive data. Before installing or running anything:
(1) verify the referenced PyPI/npm package names and the GitHub repo (check stars, maintainers, and source code) so you know what code you’ll run;
(2) confirm the registry metadata is corrected (it currently claims no required env vars while SKILL.md asks for OPENAI_API_KEY and DATABASE_URL);
(3) run installs in an isolated environment (container or VM) and avoid deploying to production until you audit the package source;
(4) never paste production secrets into .env files that might be committed—use secrets management and rotate keys after testing;
(5) if you decide to proceed, inspect the upstream package source for unexpected network calls, credential exfiltration, or privileged operations.
Like a lobster shell, security has layers — review code before you run it.
latest vk97a16wsrp3q34mp17nw3vyqcx82kz6z
