← Back to Skills Marketplace
odrobnik

raiffeisen-elba

by Oliver Drobnik · GitHub ↗ · v1.4.4 · MIT-0
cross-platform ✓ Security Clean
1264
Downloads
0
Stars
2
Active Installs
14
Versions
Install in OpenClaw
/install raiffeisen-elba
Description
Automate Raiffeisen ELBA online banking: login/logout, list accounts, and fetch transactions via Playwright.
Usage Guidance
This skill legitimately automates ELBA by controlling a browser and extracting a short-lived bearer token; that is why it needs your ELBA ID and PIN in a local config.json and why it inspects browser storage or outgoing requests. Before installing or running it: 1) Audit the code yourself or run it in an isolated/trusted environment (not on a shared or production machine). 2) Keep config.json permissions strict (chmod 600) as recommended and consider removing the PIN after use if you can. 3) Only run login operations when you can approve the pushTAN on your device; always run the provided logout command to delete .pw-profile/token cache. 4) Be aware Playwright will download browser binaries during setup (network activity). 5) If you are uncomfortable with local token extraction or storing credentials on disk, do not use this skill with real bank credentials.
Capability Analysis
Type: OpenClaw Skill Name: raiffeisen-elba Version: 1.4.4 The skill provides automation for Raiffeisen ELBA banking via Playwright and internal API calls. While it handles highly sensitive data (bank credentials and session tokens), it implements exemplary security practices, including strict file permissions (0600/0700), a global restrictive umask (0077), and robust path sanitization in `elba.py` to prevent directory traversal. All network traffic is confined to official bank domains (*.raiffeisen.at), and the documentation (SECURITY.md) transparently details the bearer token extraction process and session lifecycle management.
Capability Assessment
Purpose & Capability
Name/description match the implementation: Python scripts that use Playwright to login, extract a bearer token, call internal ELBA JSON endpoints, list/download documents and transactions. Required binary (python3), Python deps (requests, playwright), and the config.json credential file are proportional to the stated purpose.
Instruction Scope
SKILL.md and code explicitly instruct creating a local config.json containing ELBA ID and 5-digit PIN, performing login that requires manual pushTAN approval, extracting bearer tokens from the browser context (local/session storage or by observing outgoing requests), caching that token locally, and recommending logout to delete session and cached token. All of these behaviors are necessary for the described browser-automation approach, but they are sensitive operations (token extraction and local credential storage) so the user should be aware and audit code before use. Minor inconsistency: setup docs say headless is default but scripts launch Playwright with headless=False (visible browser).
Install Mechanism
No custom install spec in the registry; the README/SETUP.md instructs using pip to install 'requests' and 'playwright' and to run 'playwright install chromium' which is the expected flow. There are no downloads from unknown personal servers in the skill itself. Playwright's browser installer will download browser binaries from upstream (expected).
Credentials
The skill requests no environment secrets and declares config.json as the required config path; this is proportionate. However, storing a 5-digit PIN in a local config file is sensitive — the skill documents strict file permissions and recommends 0600, and the code attempts to harden paths and set restrictive umask. Users should understand the risk of keeping credentials on disk and follow the recommended workflow (login → operations → logout).
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It persists per-user state only under the workspace 'raiffeisen-elba' (.pw-profile and token cache) and provides a logout command that deletes this state. It does not request system-wide privileges or modify other skills' configurations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install raiffeisen-elba
  3. After installation, invoke the skill by name or use /raiffeisen-elba
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.4
- Clarified details on how the Bearer token is extracted after 2FA approval, specifying it may use browser storage or observe outgoing API requests. - No functional changes to code or commands; documentation update only.
v1.4.3
Version 1.4.3 - Added security and data handling section to documentation, detailing credential storage, 2FA requirements, and token management. - Updated requirements to include a mandatory config.json file for credentials. - Improved documentation to clarify authentication flow, command usage, and file permissions. - Minor command and usage instruction enhancements in SKILL.md. - SECURITY.md file updated.
v1.4.2
- Version bumped to 1.4.2. - Removed redundant files: README.md and scripts/debug_elba_page.py. - No functional changes to skill features or usage.
v1.4.1
- Added a security disclaimer to documentation, clarifying no passwords are stored and outlining the use of 2FA flow. - New README.md file introduced for improved project information and onboarding. - Updated SECURITY.md and SETUP.md with additional details and clarifications.
v1.4.0
- Added SECURITY.md for improved security documentation. - Updated dependencies and setup instructions in SETUP.md. - Improved code structure and functionality in scripts/elba.py and related scripts. - Removed redundant environment variable requirements from metadata. - General documentation updates for clarity and accuracy.
v1.3.3
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
v1.3.2
Rename .clawdhubignore to .clawhubignore
v1.3.1
Refactor: move setup/prerequisites to SETUP.md, keep SKILL.md lean
v1.3.0
- Added a recommended command flow with guidance to always call logout after all operations. - Enhanced documentation on session and browser profile storage/cleanup; browser session state now stored per-user in the workspace and deleted by logout. - Clarified credentials are loaded only from environment variables or config.json (no .env file). - Updated notes to reflect changes in session storage location and output path restrictions.
v1.2.4
- Bumped version to 1.2.4. - Updated scripts: collect_via_api.py, download_documents.py, and download_transactions.py. - No user-facing changes to documentation or functionality described in SKILL.md.
v1.2.3
- Expanded documentation to specify support for fetching current balances, securities depot positions, and all account types in JSON format. - Added detailed authentication instructions for using Raiffeisen pushTAN app for 2FA approval. - Updated credential instructions, clarifying configuration file path. - General improvements to documentation and usability notes.
v1.2.2
- Bumped version to 1.2.2. - No functional changes; documentation only update.
v1.2.1
- Added metadata section to SKILL.md, including Openclaw emoji and requirements. - Incremented version to 1.2.1.
v1.2.0
- Added detailed documentation in SKILL.md for credentials, commands, environment variables, and usage. - Clarified authentication options: environment variables or config.json, with env variables taking precedence. - Documented Playwright requirement and session state storage with security best practices. - Specified command-line usage for login, logout, account listing, and transaction fetching. - Summarized output restrictions for added clarity and security.
Metadata
Slug raiffeisen-elba
Version 1.4.4
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 14
Frequently Asked Questions

What is raiffeisen-elba?

Automate Raiffeisen ELBA online banking: login/logout, list accounts, and fetch transactions via Playwright. It is an AI Agent Skill for Claude Code / OpenClaw, with 1264 downloads so far.

How do I install raiffeisen-elba?

Run "/install raiffeisen-elba" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is raiffeisen-elba free?

Yes, raiffeisen-elba is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does raiffeisen-elba support?

raiffeisen-elba is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created raiffeisen-elba?

It is built and maintained by Oliver Drobnik (@odrobnik); the current version is v1.4.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments