Support for German personal online banking following the FinTS banking standard. Out-of-the-box support for many German banks. Uses system keychain to keep crede...
Security Analysis
High confidence: The skill's requirements, install step, and runtime instructions align with its stated purpose (a FinTS CLI wrapper) and include explicit safety checks for transfers.
Name/description match the actual requirements and behavior: the skill expects a local CLI (fints-agent-cli) and the SKILL.md instructs using that binary. No unrelated environment variables or unexpected services are requested.
Runtime instructions are narrowly focused on using the fints-agent-cli for provider discovery, onboarding, accounts, transactions, and transfers. The playbook includes explicit, deterministic steps and a strict transfer approval flow (dry-run + explicit phrase). It mentions keychain usage only for storing PINs and warns against logging or passing the PIN on the command line.
The install spec uses a 'uv' package (package: fints-agent-cli) that creates the fints-agent-cli binary. This is coherent with the skill's purpose, but installing a binary from a package registry carries moderate risk—review the upstream GitHub repo (provided) and the package source before allowing installation.
No environment variables or unrelated credentials are requested. The only sensitive interaction is with the system keychain for PIN storage, which is appropriate for a banking CLI. The SKILL.md enforces not passing PINs on the CLI and not logging them.
The skill is user-invocable, not always-enabled, and does not request persistent elevated privileges or modify other skills. It can execute local CLI commands (expected). Since the platform allows autonomous invocation by default, users should verify agent autonomy settings, but that is not a problem specific to this skill.
Guidance
This skill is internally consistent with its stated purpose: it wraps a local FinTS CLI and provides a cautious playbook for banking operations. Before installing: (1) verify the fints-agent-cli package source (review the linked GitHub repo and the 'uv' package registry entry), (2) only allow installation after confirming you trust that binary, (3) ensure your agent cannot autonomously approve transfers (or that you accept the explicit-phrase approval mechanism in the playbook), and (4) be aware the skill will interact with your system keychain and local config/state files (onboard, reset-local, bootstrap). The static scanner found no code to analyze (instruction-only), so manual review of the upstream binary and repo is the important next step.
Latest Release
v1.0.3
Add COMMANDS.md command reference and link from SKILL.md
Published by @h4gen on ClawHub