← 返回 Skills 市场
rhesketh

Monzo

作者 Rob · GitHub ↗ · v1.0.2
cross-platform ✓ 安全检测通过
2031
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install monzo
功能描述
Access Monzo bank account - check balance, view transactions, manage pots, send feed notifications. For personal finance queries and banking automation.
安全使用建议
This skill appears coherent for connecting OpenClaw to Monzo. Things to consider before installing: - Protect MONZO_KEYRING_PASSWORD: prefer injecting it via a secrets manager or environment at runtime, not by putting it in openclaw.json in plaintext. If you must store it in a file, restrict permissions (chmod 600) and avoid committing to version control. - Credentials on disk: OAuth client secret, access and refresh tokens are encrypted with AES-256-CBC (PBKDF2 100k) and saved under ~/.openclaw/credentials/monzo.json. If an attacker gains OS-level access (root, malware, keylogger), credentials can be compromised — follow the README's advice to revoke the OAuth client immediately in that case. - Webhooks: only register URLs you control and use HTTPS. An attacker-controlled webhook URL would receive transaction notifications. - Non-interactive/automation: the setup script supports providing client secrets and auth codes on the command line — avoid putting secrets in shell history or logs; prefer non-logged secret injection. - Review the bundled scripts yourself (they are included) or run them in a controlled environment first. If you follow the guidance above (use secrets manager, restrict file permissions, run on machines you control, and review webhook endpoints), the skill is coherent with its stated purpose and can be used safely for Monzo automation.
功能分析
Type: OpenClaw Skill Name: monzo Version: 1.0.2 The OpenClaw Monzo skill is well-documented and transparent, adhering to good security practices. Credentials are encrypted at rest using AES-256-CBC with PBKDF2, and the setup process includes OAuth state validation to prevent CSRF. The documentation (`SKILL.md`, `README.md`, `SECURITY.md`) explicitly details the threat model, warns about the `MONZO_KEYRING_PASSWORD` being visible in process environments on multi-user systems, and advises caution with webhook URLs. All code aligns with the stated purpose of Monzo banking operations, without any evidence of intentional data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.
能力评估
Purpose & Capability
Name/description (Monzo banking) match what the code does: OAuth setup, balance/transactions/pots/feed/receipts/webhooks via the Monzo API. Required binaries (curl, jq, openssl, bc) are plausible for the CLI scripts, and the single required env var (MONZO_KEYRING_PASSWORD) is used to encrypt credentials stored under ~/.openclaw/credentials/monzo.json.
Instruction Scope
SKILL.md and scripts confine operations to the Monzo API and local credential storage. The setup wizard accepts client id/secret and authorization codes and then stores them (encrypted). Minor notes: the docs suggest multiple ways to provide MONZO_KEYRING_PASSWORD including placing it directly in openclaw.json (plaintext) — the skill warns about the risks but this represents a higher-risk deployment option. The scripts also reference optional env vars (OPENCLAW_CREDENTIALS_DIR, MONZO_API_BASE) that are not declared in requires.env — these are benign but worth knowing.
Install Mechanism
No install spec — the package is instruction/code-only and doesn't download arbitrary binaries. Code files are bundled with the skill; nothing in the manifest indicates fetching code from external, untrusted URLs or executing installers. This is lower risk than remote-installing arbitrary artifacts.
Credentials
The skill only requires a single secret-like env var (MONZO_KEYRING_PASSWORD) which is appropriate: it's used to derive the AES key for encrypting the saved OAuth client secret and tokens. However, the SKILL.md recommends (option A) placing the password directly in OpenClaw config (plaintext) which increases exposure, and the documentation correctly warns about process listing and multi-user systems. The scripts also accept non-declared environment variables (OPENCLAW_CREDENTIALS_DIR, MONZO_API_BASE) as optional overrides — this is reasonable but worth documenting to users.
Persistence & Privilege
always:false (not force-enabled). The skill stores encrypted credentials under the user's home directory (owner-only perms), which is expected for this functionality. It does not request or modify other skills' configs or system-wide settings. The agent-autonomous-invocation default is enabled (normal) but not combined with any unusual privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install monzo
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /monzo 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Updated to address some of the automated security concerns. Hopefully this one makes the robots happier.
v1.0.1
- Pagination fixes for transaction history - Expanded agent usage instructions for transaction history to clarify results are paginated and sorted newest first. - Updated transaction query examples to highlight full transaction retrieval and clarify relative date filters. - Improved script documentation consistency for agent prompts and usage patterns. - No functional changes; documentation and usage clarification only.
v1.0.0
Monzo Skill 1.0.0 - Initial Release - Access your Monzo bank account to check balances, view transactions, manage savings pots, and send feed notifications. - Step-by-step setup instructions provided for secure integration with Clawdbot using OAuth credentials and encrypted keyring password. - Includes command line scripts for common banking actions: view balance, list transactions, manage pots, send notifications, and more. - Supports personal, joint, and business Monzo accounts; provides detailed agent usage guidance and troubleshooting tips. - Money amounts are handled in pence; clear guidance for agents on handling outputs and errors.
元数据
Slug monzo
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Monzo 是什么?

Access Monzo bank account - check balance, view transactions, manage pots, send feed notifications. For personal finance queries and banking automation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2031 次。

如何安装 Monzo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install monzo」即可一键安装,无需额外配置。

Monzo 是免费的吗?

是的,Monzo 完全免费(开源免费),可自由下载、安装和使用。

Monzo 支持哪些平台?

Monzo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Monzo?

由 Rob(@rhesketh)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论