← Back to Skills Marketplace
angelstreet

Konto API

by angelstreet · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
456
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install konto-api
Description
Access personal finance data from Konto including accounts, transactions, investments, assets, loans, subscriptions, and net worth summaries via API.
README (SKILL.md)

Konto — Personal Finance API

Query personal finance data from Konto (bank accounts, investments, assets, loans, transactions).

Setup

# ~/.openclaw/secrets/konto.env
export KONTO_API_KEY="konto_xxxxxxxxxxxx"
export KONTO_URL="https://konto.angelstreet.io"

Quick Answers

"How much BTC do I have?"

source ~/.openclaw/secrets/konto.env
curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/investments" | jq '.investments[] | select(.code | test("BTC|bitcoin"; "i")) | {label, quantity, current_value}'

"What's my net worth?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary" | jq '{patrimoine_net, accounts: .accounts.total_balance, investments: .investments.total_value, assets: .assets.total_value, loans: .loans.total_remaining}'

"When does my loan end?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/loans" | jq '.loans[] | {name, remaining_amount, end_date, monthly_payment}'

"What are my subscriptions?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary" | jq '{count: .subscriptions.count, monthly: .subscriptions.monthly}'

"How much do I spend on housing?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/transactions?months=6&category=logement" | jq '{total: .total, transactions: [.transactions[] | {date, label, amount}]}'

"Financial overview"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary"

Helper Script

bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh summary
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh investments
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh transactions 3  # last 3 months
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh loans
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh assets
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh accounts

Endpoints

Endpoint Description
GET /api/v1/summary Full financial overview (start here)
GET /api/v1/accounts Bank accounts list
GET /api/v1/transactions?months=6&category=X Categorized transactions
GET /api/v1/investments Portfolio (ETFs, stocks, crypto)
GET /api/v1/assets Real estate, vehicles
GET /api/v1/loans Active loans

Full API Reference

See ~/shared/projects/konto/docs/api.md for complete docs including analytics endpoints.

Scope

This skill uses a personal scope key (free). For cross-user analytics (pro), see the konto-analytics skill.

Usage Guidance
This skill appears to do what it says (call Konto API endpoints) and needs an API key and base URL. Before installing: (1) Be aware the SKILL.md asks you to store KONTO_API_KEY and KONTO_URL in ~/.openclaw/secrets/konto.env even though the registry metadata doesn't list them — the metadata omission is benign but confusing. (2) Only use an API key issued by a trusted Konto instance; confirm KONTO_URL is correct (default points at konto.angelstreet.io). (3) Limit file permissions on the secrets file (chmod 600) or use your platform's secret manager instead of a plaintext file. (4) The skill can call analytics endpoints if you supply an analytics-scoped key — only provide that key if you intend cross-user analytics. (5) The source/homepage is unknown; if you need stronger assurance, validate the owner identity or run the script in an isolated environment before giving it real credentials.
Capability Analysis
Type: OpenClaw Skill Name: konto-api Version: 1.0.0 The skill is classified as suspicious due to shell injection vulnerabilities found in `scripts/konto.sh`. The script directly interpolates unsanitized command-line arguments (`$2`, `$3`) into `curl` commands for the `transactions` and `analytics` endpoints, which could allow for arbitrary command execution if an attacker can control the input provided to the script. For example, passing `category=foo&$(evil_command)` to the `transactions` endpoint could execute `evil_command`. This is a vulnerability, not evidence of intentional malice.
Capability Assessment
Purpose & Capability
Name/description (personal finance access) match the included scripts and API docs. Minor inconsistency: the registry metadata declares no required environment variables or primary credential, but the SKILL.md and scripts clearly expect KONTO_API_KEY and KONTO_URL.
Instruction Scope
Runtime instructions are explicit: source ~/.openclaw/secrets/konto.env and call Konto endpoints with curl. The skill reads only that secrets file and its included workspace script; it also documents analytics endpoints which require a separate analytics-scoped key. No unexpected file reads, broad system probing, or exfil endpoints beyond the configured KONTO_URL.
Install Mechanism
No install spec; this is instruction-only plus a small bash helper script included in the package. Risk is low because nothing is downloaded or extracted during install.
Credentials
The behavior requires KONTO_API_KEY and KONTO_URL (and optionally an analytics-scoped key) which are proportionate to the stated functionality. However, the skill registry did not declare these required env vars or a primary credential — a metadata omission that can mislead users about what secrets are needed.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills; it only reads a user-held secrets file and runs curl from the included script.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install konto-api
  3. After installation, invoke the skill by name or use /konto-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — query personal finance data from Konto instance
Metadata
Slug konto-api
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Konto API?

Access personal finance data from Konto including accounts, transactions, investments, assets, loans, subscriptions, and net worth summaries via API. It is an AI Agent Skill for Claude Code / OpenClaw, with 456 downloads so far.

How do I install Konto API?

Run "/install konto-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Konto API free?

Yes, Konto API is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Konto API support?

Konto API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Konto API?

It is built and maintained by angelstreet (@angelstreet); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments