← 返回 Skills 市场
Firm Fintech Pack
作者
romainsantoli-web
· GitHub ↗
· v1.0.0
414
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install firm-fintech-pack
功能描述
Curated skill bundle for fintech startups, neobanks, payment processors and wealth-management platforms. Activates the firm pyramid with Finance, Legal, Engi...
使用说明 (SKILL.md)
firm-fintech-pack
Sector bundle for fintech & financial services environments.
Activated departments
| Department | Services activated | Focus |
|---|---|---|
| Finance | FP&A · Pricing Strategy · Unit Economics · Billing | P&L, CAC/LTV, pricing models |
| Legal | Contracting · Privacy/Data · IP & Compliance | PSD2, MiCA, AML, KYC |
| Engineering | Backend · Data Engineering · AI Engineering · Integration | Core banking, APIs, ML models |
| Quality | Security · Compliance Auditing · Performance | Pen testing, SOC 2, load tests |
| Strategy | Architecture · Product Discovery · Roadmap | Product strategy, OKRs |
| Operations | SRE/Incident · DevOps | 99.99% uptime, incident response |
Recommended ClawHub skills to install alongside
npx clawhub@latest install biz-reporter # Financial KPI reporting
npx clawhub@latest install arc-security-audit # SOC 2 / PCI-DSS audit
npx clawhub@latest install agent-audit-trail # Tamper-evident transaction logs
npx clawhub@latest install arc-trust-verifier # Counterparty verification
npx clawhub@latest install firm-orchestration # A2A orchestration backbone
npx clawhub@latest install firm-delivery-export # Output → report / ticket
Firm configuration overlay
{
"agent": {
"model": "anthropic/claude-opus-4-6",
"workspace": "~/.openclaw/workspace/fintech-firm"
},
"agents": {
"defaults": {
"sandbox": { "mode": "non-main" }
}
}
}
Prompt: AML suspicious activity review
Use firm-orchestration with:
objective: "Review 23 flagged transactions from automated AML screening — Feb 28 batch"
departments: ["legal", "finance", "quality"]
constraints: ["anonymize customer IDs in output", "FATF Rec. 20 reference", "read-only"]
definition_of_done: "SAR filing decisions per transaction with rationale"
delivery_format: "structured_document"
Prompt: pricing model update
Use firm-orchestration with:
objective: "Redesign subscription tier pricing for B2B API product targeting SMBs"
departments: ["finance", "commercial", "strategy"]
constraints: ["current ARPU: €340/mo", "churn target \x3C 3%", "competitor floor: €199/mo"]
definition_of_done: "3-tier pricing proposal with margin analysis and migration plan"
delivery_format: "project_brief"
Regulatory coverage
| Regulation | Department | Service |
|---|---|---|
| PSD2 / Open Banking | Legal · Engineering | Compliance + Integration |
| MiCA (crypto) | Legal · Finance | IP & Compliance + FP&A |
| GDPR / ePrivacy | Legal | Privacy/Data Protection |
| AML 6AMLD | Legal · Quality | Contracting + Security |
| PCI-DSS | Quality · Engineering | Security · Backend |
| SOC 2 Type II | Quality · Operations | Compliance + DevOps |
| Basel III (credit) | Finance | Unit Economics & Reporting |
Security notes
- Financial data is tier-1 sensitive:
SECURE_PRODUCTION_MODE=truemandatory AUDIT_ENABLED=truewith immutable JSONL audit trailREAD_ONLY_MODE=truefor all regulatory review workflows- Sandbox all non-main sessions:
sandbox.mode: "non-main"
💎 Support
Si ce skill vous est utile, vous pouvez soutenir le développement :
Dogecoin : DQBggqFNWsRNTPb6kkiwppnMo1Hm8edfWq
安全使用建议
This skill is an instruction-only 'firm pack' that mostly provides prompts and recommended companion installs. Before installing or enabling it: 1) Verify the source/author — there is no homepage and the owner ID is unfamiliar. 2) Inspect any companion packages before running the suggested npx clawhub install commands. 3) Confirm what 'firm-orchestration' and the suggested companion skills do (they may require sensitive credentials). 4) Don’t assume the listed env flags (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, READ_ONLY_MODE) are enforced — the skill declares them but does not require them; enforce these at your environment/config level if needed. 5) Be cautious because the skill metadata requests session tools (sessions_spawn/send/history) that allow spawning and transmitting sessions — avoid enabling autonomous invocation on production agents until you audit the orchestration skill's behavior. If you can, ask the publisher for: an explicit list of required env vars/config paths, the exact behavior of firm-orchestration, and a code/homepage link so you can review the companion skills before use.
功能分析
Type: OpenClaw Skill
Name: firm-fintech-pack
Version: 1.0.0
The skill bundle appears benign. The `SKILL.md` file primarily provides documentation, configuration examples, and security recommendations for the user and the agent's operation. It explicitly promotes secure practices such as `sandbox.mode: "non-main"`, `READ_ONLY_MODE=true`, and `AUDIT_ENABLED=true`. There are no instructions for the agent to perform unauthorized actions, exfiltrate data, or execute arbitrary commands. The `npx clawhub@latest install` commands are presented as recommendations for the human operator, not as instructions for the AI agent to execute.
能力评估
Purpose & Capability
The README-like SKILL.md describes a fintech 'firm' bundle and mostly contains prompts, recommended companion installs, and a workspace overlay — that matches the advertised purpose. However, it urges production/security settings and workspace paths (~/.openclaw/workspace/fintech-firm) without declaring any required config or credentials, which is an inconsistency between stated purpose and declared requirements.
Instruction Scope
The instructions include operational directives beyond simple prompts: they insist on environment flags (SECURE_PRODUCTION_MODE, AUDIT_ENABLED, READ_ONLY_MODE), audit/immutable JSONL trails, and a specific workspace path. These variables and paths are not listed in requires.env or required config paths. The SKILL also instructs using 'firm-orchestration' and recommends running npx clawhub installs for other skills — which will change the agent environment. This expands runtime scope beyond what's explicitly declared.
Install Mechanism
There is no install spec and no code files (lowest install risk). The SKILL.md recommends using npx clawhub@latest to install companion skills; those commands would install third-party packages at the time you run them. Because installation is left to the user and not performed automatically, risk is limited but you should inspect/verify any packages before running npx.
Credentials
The skill declares no required environment variables or credentials, yet the instructions mandate security-related env flags and an immutable audit trail. For a bundle that claims to enable integrations (PSD2, PCI-DSS, etc.), it also doesn't request any integration credentials — which is plausible if this is just a prompt bundle, but the presence of mandatory security flags that are not declared is disproportionate and confusing. This mismatch could lead to accidental misconfiguration or unmet security expectations.
Persistence & Privilege
always is false and there is no install — good. The SKILL metadata lists tools sessions_send, sessions_spawn, sessions_history which enable spawning sessions and sending/history access; those are powerful capabilities for an orchestration-style skill because they can create or transmit session content. This is not automatically malicious, but combined with the other inconsistencies it increases the potential blast radius and should be reviewed before enabling autonomous invocations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install firm-fintech-pack - 安装完成后,直接呼叫该 Skill 的名称或使用
/firm-fintech-pack触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
firm-fintech-pack 1.0.0
- Initial release of a curated skill bundle for fintech startups, neobanks, payment processors, and wealth-management platforms.
- Pre-configured firm pyramid with Finance, Legal, Engineering, and Compliance agents for AML/KYC, financial modelling, regulatory reporting, and payment infrastructure workflows.
- Detailed guides for department activations and common workflow prompts (AML review, pricing model update).
- Primary coverage of key regulations: PSD2, MiCA, GDPR, AML, PCI-DSS, SOC 2, Basel III.
- Security best practices recommended: production mode enforcement, audit logging, read-only regulatory reviews, and session sandboxing.
- Integration and extension recommendations with popular ClawHub skills for reporting, audit, verification, and orchestration.
元数据
常见问题
Firm Fintech Pack 是什么?
Curated skill bundle for fintech startups, neobanks, payment processors and wealth-management platforms. Activates the firm pyramid with Finance, Legal, Engi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 414 次。
如何安装 Firm Fintech Pack?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install firm-fintech-pack」即可一键安装,无需额外配置。
Firm Fintech Pack 是免费的吗?
是的,Firm Fintech Pack 完全免费(开源免费),可自由下载、安装和使用。
Firm Fintech Pack 支持哪些平台?
Firm Fintech Pack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Firm Fintech Pack?
由 romainsantoli-web(@romainsantoli-web)开发并维护,当前版本 v1.0.0。
推荐 Skills