← Back to Skills Marketplace
odrobnik

George Banking Automation

by Oliver Drobnik · GitHub ↗ · v1.5.4 · MIT-0
cross-platform ⚠ suspicious
2778
Downloads
1
Stars
2
Active Installs
18
Versions
Install in OpenClaw
/install george
Description
Automate George online banking (Erste Bank / Sparkasse Austria): login/logout, list accounts, and fetch transactions via Playwright.
README (SKILL.md)

George Banking Automation

Fetch current account balances, stock portfolio, and transactions for all account types (checking, savings, depots) in JSON format for automatic processing. Uses Playwright to automate George (Erste Bank / Sparkasse Austria).

Entry point: {baseDir}/scripts/george.py

Setup

See SETUP.md for prerequisites and setup instructions.

Commands

python3 {baseDir}/scripts/george.py login
python3 {baseDir}/scripts/george.py logout
python3 {baseDir}/scripts/george.py accounts
python3 {baseDir}/scripts/george.py transactions --account \x3Cid|iban> --from YYYY-MM-DD --until YYYY-MM-DD
python3 {baseDir}/scripts/george.py datacarrier-list [--json] [--state OPEN|CLOSED]
python3 {baseDir}/scripts/george.py datacarrier-upload \x3Cfile> [--type pain.001] [--out \x3Cdir>] [--wait-done] [--wait-done-timeout 120]
python3 {baseDir}/scripts/george.py datacarrier-sign \x3Cdatacarrier_id> [--sign-id \x3Cid>] [--out \x3Cdir>]

Recommended Flow

login → accounts → transactions → portfolio → logout
login → datacarrier-upload → datacarrier-sign → logout

Always call logout after completing all operations to clear the stored browser session (cookies, local storage, Playwright profile). This minimizes persistent auth state on disk.

Notes

  • Session state stored in {workspace}/george/ with restrictive permissions (dirs 700, files 600).
  • Ephemeral exports default to /tmp/openclaw/george (override with OPENCLAW_TMP).
Usage Guidance
This skill appears to be what it claims: a Playwright-based George (Erste/Sparkasse) automation tool. Before installing, consider: (1) it will persist browser session state and a bearer token in workspace/george/token.json — ensure that workspace location is trusted and has appropriate filesystem permissions; (2) Playwright requires installing a browser (chromium) via pip/playwright install — prefer running in an isolated environment or container; (3) the datacarrier upload feature accepts local XML files and performs validation, but you should still avoid pointing it at sensitive files outside intended directories; (4) review the included scripts yourself (or run in a sandbox) if you don't fully trust the source repository. Overall the requested capabilities and behavior are proportionate to the declared banking automation purpose.
Capability Analysis
Type: OpenClaw Skill Name: george Version: 1.5.4 The 'george' skill bundle automates George online banking using Playwright to fetch transactions and sign payment orders. While 'scripts/george.py' includes security hardening like strict file permissions (umask 077), input sanitization, and path traversal checks, the skill possesses inherently high-risk capabilities. These include capturing and caching bearer authentication tokens and programmatically interacting with financial APIs (api.sparkasse.at). These features are aligned with the stated purpose but qualify as suspicious due to the sensitive nature of automated banking and session management.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description (George banking automation) match the delivered artifacts: an instruction-only skill plus a Python Playwright script. Required binaries (python3, playwright) are appropriate and expected for a browser automation task. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs running the included script commands (login/logout/accounts/transactions/datacarrier-*) and documents where session state and ephemeral outputs live. The instructions do not request reading unrelated system files or sending data to unexpected external endpoints. The skill requires interactive 2FA and documents token/session caching — which is necessary for its purpose.
Install Mechanism
No install spec is present (instruction-only), which minimizes automatic disk changes. Playwright must be installed by the user (pip + playwright install chromium) per SETUP.md, which is a normal, traceable install path. Nothing is downloaded from untrusted or obscure URLs by the skill itself.
Credentials
The skill does not declare or require unrelated environment secrets. It optionally reads GEORGE_USER_ID / OPENCLAW_TMP / OPENCLAW_WORKSPACE / PWD which are reasonable for configuring user id, temporary output directory, and workspace location. It persists a bearer token to token.json — sensitive but proportional to avoiding repeated interactive 2FA.
Persistence & Privilege
always:false and no elevated platform privileges. The script persists session state under a workspace directory (workspace/george) and documents restrictive file permissions and logout to clear sessions. It does not modify other skills' configs or request system-wide changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install george
  3. After installation, invoke the skill by name or use /george
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.4
Auto-resolve George user id from config/recent profile; improve data-carrier upload handling for hidden file inputs.
v1.5.3
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
v1.5.2
Security: sanitize and URL-encode --account when building securities portfolio API paths (prevents path traversal / query injection attempts).
v1.5.1
Security: path traversal protection, XML content validation, ID sanitization
v1.5.0
Add datacarrier-list, datacarrier-upload, datacarrier-sign commands. Sign via JSON API with Bearer token capture and polling.
v1.4.1
Rename .clawdhubignore to .clawhubignore
v1.4.0
Refactor: move setup/prerequisites to SETUP.md, keep SKILL.md lean
v1.3.1
- Bumped version to 1.3.1. - Minor documentation update in SKILL.md. - No functional or command changes.
v1.3.0
- Adds a "Recommended Flow" section to SKILL.md, guiding users through the sequence: login → accounts → transactions → portfolio → logout. - Advises always calling `logout` to clear browser session and minimize persistent auth state. - Clarifies credentials are provided via the `GEORGE_USER_ID` environment variable or `--user-id` flag; no `.env` file loading. - Updates notes on session state storage for improved clarity.
v1.2.1
- Expanded description to highlight fetching of account balances, stock portfolios, and transactions for all account types in JSON format. - Added detailed authentication instructions for 2FA approval via the George app. - Improved and clarified usage notes and examples.
v1.2.0
Security hardening: removed .env file loading (env injection vector), sanitised download filenames against path traversal.
v1.1.3
Remove legacy MOLTBOT_TMP; use OPENCLAW_TMP only
v1.1.2
Security: sanitize --account used in output filenames to prevent path traversal
v1.1.1
Security hardening: strict umask + private perms for persisted Playwright state; tmp dir now /tmp/openclaw
v1.1.0
Docs: clarify state dir is <workspace>/george by default (override with --dir/GEORGE_DIR); remove legacy ~/.moltbot mention.
v1.0.7
Fix YAML frontmatter (quoted description/summary) so ClawdHub shows summary
v1.0.6
Add ClawdHub summary + set homepage to GitHub
v1.0.5
Initial public release: reliable login flow, safe token logging, account auto-sync (IBAN extraction)
Metadata
Slug george
Version 1.5.4
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 18
Frequently Asked Questions

What is George Banking Automation?

Automate George online banking (Erste Bank / Sparkasse Austria): login/logout, list accounts, and fetch transactions via Playwright. It is an AI Agent Skill for Claude Code / OpenClaw, with 2778 downloads so far.

How do I install George Banking Automation?

Run "/install george" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is George Banking Automation free?

Yes, George Banking Automation is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does George Banking Automation support?

George Banking Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created George Banking Automation?

It is built and maintained by Oliver Drobnik (@odrobnik); the current version is v1.5.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments