Banking Agent OS
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is review-worthy because it directs users to run an unreviewed banking backend that can create accounts and transactions, binds to all network interfaces, and documents no authentication or transaction approval.
Treat this as experimental until the external backend is audited. Do not connect real financial accounts, use real customer data, or expose the server to the internet. If testing, use synthetic data, bind to localhost, add authentication and transaction approvals, pin and inspect dependencies, and protect the .env file and database.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run as written and reachable on a network, account or transaction endpoints could be accessed unless the unseen backend adds controls.
The recommended server listens on all interfaces, and the documented transaction request shows no authentication or approval step in the provided artifact.
python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 ... curl -X POST http://localhost:8000/api/transactions ... -H 'Content-Type: application/json'
Run only on localhost or an isolated test network, require authentication and authorization, and add explicit user approval for any transaction-changing operation before using real data.
Installing the package could execute unreviewed code that handles banking records, a local database, and the OpenAI API key.
The instruction-only skill relies on external unpinned packages, and the PyPI availability is described inconsistently; the runnable package code is not included in the reviewed artifacts.
pip install banking-agent-os ... npm install openclaw-banking-agent-os ... PyPI | banking-agent-os | Coming soon
Verify package ownership and source, inspect the backend code, pin exact versions or hashes, and install in an isolated virtual environment before use.
A misconfigured or exposed key could lead to unwanted API usage or billing.
The OpenAI credential is expected for the advertised GPT-4 features, but it gives the backend access to a paid provider account.
Required: OpenAI API Key ... OPENAI_API_KEY=sk-...
Use a restricted project-specific key, keep .env private, rotate the key if exposed, and monitor OpenAI usage.
Sensitive banking questions or transaction details may be processed by an external AI provider.
The skill describes OpenAI-backed financial analysis and advice endpoints, but the artifact does not specify data minimization, retention, or redaction boundaries.
AI-Powered Services (OpenAI GPT-4) ... Transaction analysis ... Personalized financial advice ... POST /api/ai/analyze-transaction
Avoid sending real PII or production financial data until provider handling is reviewed; add consent, redaction, and logging controls.