← 返回 Skills 市场
angelstreet

Konto API

作者 angelstreet · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
456
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install konto-api
功能描述
Access personal finance data from Konto including accounts, transactions, investments, assets, loans, subscriptions, and net worth summaries via API.
使用说明 (SKILL.md)

Konto — Personal Finance API

Query personal finance data from Konto (bank accounts, investments, assets, loans, transactions).

Setup

# ~/.openclaw/secrets/konto.env
export KONTO_API_KEY="konto_xxxxxxxxxxxx"
export KONTO_URL="https://konto.angelstreet.io"

Quick Answers

"How much BTC do I have?"

source ~/.openclaw/secrets/konto.env
curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/investments" | jq '.investments[] | select(.code | test("BTC|bitcoin"; "i")) | {label, quantity, current_value}'

"What's my net worth?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary" | jq '{patrimoine_net, accounts: .accounts.total_balance, investments: .investments.total_value, assets: .assets.total_value, loans: .loans.total_remaining}'

"When does my loan end?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/loans" | jq '.loans[] | {name, remaining_amount, end_date, monthly_payment}'

"What are my subscriptions?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary" | jq '{count: .subscriptions.count, monthly: .subscriptions.monthly}'

"How much do I spend on housing?"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/transactions?months=6&category=logement" | jq '{total: .total, transactions: [.transactions[] | {date, label, amount}]}'

"Financial overview"

curl -s -H "Authorization: Bearer $KONTO_API_KEY" "$KONTO_URL/api/v1/summary"

Helper Script

bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh summary
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh investments
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh transactions 3  # last 3 months
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh loans
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh assets
bash ~/.openclaw/workspace/skills/konto/scripts/konto.sh accounts

Endpoints

Endpoint Description
GET /api/v1/summary Full financial overview (start here)
GET /api/v1/accounts Bank accounts list
GET /api/v1/transactions?months=6&category=X Categorized transactions
GET /api/v1/investments Portfolio (ETFs, stocks, crypto)
GET /api/v1/assets Real estate, vehicles
GET /api/v1/loans Active loans

Full API Reference

See ~/shared/projects/konto/docs/api.md for complete docs including analytics endpoints.

Scope

This skill uses a personal scope key (free). For cross-user analytics (pro), see the konto-analytics skill.

安全使用建议
This skill appears to do what it says (call Konto API endpoints) and needs an API key and base URL. Before installing: (1) Be aware the SKILL.md asks you to store KONTO_API_KEY and KONTO_URL in ~/.openclaw/secrets/konto.env even though the registry metadata doesn't list them — the metadata omission is benign but confusing. (2) Only use an API key issued by a trusted Konto instance; confirm KONTO_URL is correct (default points at konto.angelstreet.io). (3) Limit file permissions on the secrets file (chmod 600) or use your platform's secret manager instead of a plaintext file. (4) The skill can call analytics endpoints if you supply an analytics-scoped key — only provide that key if you intend cross-user analytics. (5) The source/homepage is unknown; if you need stronger assurance, validate the owner identity or run the script in an isolated environment before giving it real credentials.
功能分析
Type: OpenClaw Skill Name: konto-api Version: 1.0.0 The skill is classified as suspicious due to shell injection vulnerabilities found in `scripts/konto.sh`. The script directly interpolates unsanitized command-line arguments (`$2`, `$3`) into `curl` commands for the `transactions` and `analytics` endpoints, which could allow for arbitrary command execution if an attacker can control the input provided to the script. For example, passing `category=foo&$(evil_command)` to the `transactions` endpoint could execute `evil_command`. This is a vulnerability, not evidence of intentional malice.
能力评估
Purpose & Capability
Name/description (personal finance access) match the included scripts and API docs. Minor inconsistency: the registry metadata declares no required environment variables or primary credential, but the SKILL.md and scripts clearly expect KONTO_API_KEY and KONTO_URL.
Instruction Scope
Runtime instructions are explicit: source ~/.openclaw/secrets/konto.env and call Konto endpoints with curl. The skill reads only that secrets file and its included workspace script; it also documents analytics endpoints which require a separate analytics-scoped key. No unexpected file reads, broad system probing, or exfil endpoints beyond the configured KONTO_URL.
Install Mechanism
No install spec; this is instruction-only plus a small bash helper script included in the package. Risk is low because nothing is downloaded or extracted during install.
Credentials
The behavior requires KONTO_API_KEY and KONTO_URL (and optionally an analytics-scoped key) which are proportionate to the stated functionality. However, the skill registry did not declare these required env vars or a primary credential — a metadata omission that can mislead users about what secrets are needed.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills; it only reads a user-held secrets file and runs curl from the included script.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install konto-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /konto-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — query personal finance data from Konto instance
元数据
Slug konto-api
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Konto API 是什么?

Access personal finance data from Konto including accounts, transactions, investments, assets, loans, subscriptions, and net worth summaries via API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 456 次。

如何安装 Konto API?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install konto-api」即可一键安装,无需额外配置。

Konto API 是免费的吗?

是的,Konto API 完全免费(开源免费),可自由下载、安装和使用。

Konto API 支持哪些平台?

Konto API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Konto API?

由 angelstreet(@angelstreet)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论