← 返回 Skills 市场
raiffeisen-elba
作者
Oliver Drobnik
· GitHub ↗
· v1.4.4
· MIT-0
1264
总下载
0
收藏
2
当前安装
14
版本数
在 OpenClaw 中安装
/install raiffeisen-elba
功能描述
Automate Raiffeisen ELBA online banking: login/logout, list accounts, and fetch transactions via Playwright.
安全使用建议
This skill legitimately automates ELBA by controlling a browser and extracting a short-lived bearer token; that is why it needs your ELBA ID and PIN in a local config.json and why it inspects browser storage or outgoing requests. Before installing or running it: 1) Audit the code yourself or run it in an isolated/trusted environment (not on a shared or production machine). 2) Keep config.json permissions strict (chmod 600) as recommended and consider removing the PIN after use if you can. 3) Only run login operations when you can approve the pushTAN on your device; always run the provided logout command to delete .pw-profile/token cache. 4) Be aware Playwright will download browser binaries during setup (network activity). 5) If you are uncomfortable with local token extraction or storing credentials on disk, do not use this skill with real bank credentials.
功能分析
Type: OpenClaw Skill
Name: raiffeisen-elba
Version: 1.4.4
The skill provides automation for Raiffeisen ELBA banking via Playwright and internal API calls. While it handles highly sensitive data (bank credentials and session tokens), it implements exemplary security practices, including strict file permissions (0600/0700), a global restrictive umask (0077), and robust path sanitization in `elba.py` to prevent directory traversal. All network traffic is confined to official bank domains (*.raiffeisen.at), and the documentation (SECURITY.md) transparently details the bearer token extraction process and session lifecycle management.
能力评估
Purpose & Capability
Name/description match the implementation: Python scripts that use Playwright to login, extract a bearer token, call internal ELBA JSON endpoints, list/download documents and transactions. Required binary (python3), Python deps (requests, playwright), and the config.json credential file are proportional to the stated purpose.
Instruction Scope
SKILL.md and code explicitly instruct creating a local config.json containing ELBA ID and 5-digit PIN, performing login that requires manual pushTAN approval, extracting bearer tokens from the browser context (local/session storage or by observing outgoing requests), caching that token locally, and recommending logout to delete session and cached token. All of these behaviors are necessary for the described browser-automation approach, but they are sensitive operations (token extraction and local credential storage) so the user should be aware and audit code before use. Minor inconsistency: setup docs say headless is default but scripts launch Playwright with headless=False (visible browser).
Install Mechanism
No custom install spec in the registry; the README/SETUP.md instructs using pip to install 'requests' and 'playwright' and to run 'playwright install chromium' which is the expected flow. There are no downloads from unknown personal servers in the skill itself. Playwright's browser installer will download browser binaries from upstream (expected).
Credentials
The skill requests no environment secrets and declares config.json as the required config path; this is proportionate. However, storing a 5-digit PIN in a local config file is sensitive — the skill documents strict file permissions and recommends 0600, and the code attempts to harden paths and set restrictive umask. Users should understand the risk of keeping credentials on disk and follow the recommended workflow (login → operations → logout).
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It persists per-user state only under the workspace 'raiffeisen-elba' (.pw-profile and token cache) and provides a logout command that deletes this state. It does not request system-wide privileges or modify other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install raiffeisen-elba - 安装完成后,直接呼叫该 Skill 的名称或使用
/raiffeisen-elba触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.4
- Clarified details on how the Bearer token is extracted after 2FA approval, specifying it may use browser storage or observe outgoing API requests.
- No functional changes to code or commands; documentation update only.
v1.4.3
Version 1.4.3
- Added security and data handling section to documentation, detailing credential storage, 2FA requirements, and token management.
- Updated requirements to include a mandatory config.json file for credentials.
- Improved documentation to clarify authentication flow, command usage, and file permissions.
- Minor command and usage instruction enhancements in SKILL.md.
- SECURITY.md file updated.
v1.4.2
- Version bumped to 1.4.2.
- Removed redundant files: README.md and scripts/debug_elba_page.py.
- No functional changes to skill features or usage.
v1.4.1
- Added a security disclaimer to documentation, clarifying no passwords are stored and outlining the use of 2FA flow.
- New README.md file introduced for improved project information and onboarding.
- Updated SECURITY.md and SETUP.md with additional details and clarifications.
v1.4.0
- Added SECURITY.md for improved security documentation.
- Updated dependencies and setup instructions in SETUP.md.
- Improved code structure and functionality in scripts/elba.py and related scripts.
- Removed redundant environment variable requirements from metadata.
- General documentation updates for clarity and accuracy.
v1.3.3
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
v1.3.2
Rename .clawdhubignore to .clawhubignore
v1.3.1
Refactor: move setup/prerequisites to SETUP.md, keep SKILL.md lean
v1.3.0
- Added a recommended command flow with guidance to always call logout after all operations.
- Enhanced documentation on session and browser profile storage/cleanup; browser session state now stored per-user in the workspace and deleted by logout.
- Clarified credentials are loaded only from environment variables or config.json (no .env file).
- Updated notes to reflect changes in session storage location and output path restrictions.
v1.2.4
- Bumped version to 1.2.4.
- Updated scripts: collect_via_api.py, download_documents.py, and download_transactions.py.
- No user-facing changes to documentation or functionality described in SKILL.md.
v1.2.3
- Expanded documentation to specify support for fetching current balances, securities depot positions, and all account types in JSON format.
- Added detailed authentication instructions for using Raiffeisen pushTAN app for 2FA approval.
- Updated credential instructions, clarifying configuration file path.
- General improvements to documentation and usability notes.
v1.2.2
- Bumped version to 1.2.2.
- No functional changes; documentation only update.
v1.2.1
- Added metadata section to SKILL.md, including Openclaw emoji and requirements.
- Incremented version to 1.2.1.
v1.2.0
- Added detailed documentation in SKILL.md for credentials, commands, environment variables, and usage.
- Clarified authentication options: environment variables or config.json, with env variables taking precedence.
- Documented Playwright requirement and session state storage with security best practices.
- Specified command-line usage for login, logout, account listing, and transaction fetching.
- Summarized output restrictions for added clarity and security.
元数据
常见问题
raiffeisen-elba 是什么?
Automate Raiffeisen ELBA online banking: login/logout, list accounts, and fetch transactions via Playwright. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1264 次。
如何安装 raiffeisen-elba?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install raiffeisen-elba」即可一键安装,无需额外配置。
raiffeisen-elba 是免费的吗?
是的,raiffeisen-elba 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
raiffeisen-elba 支持哪些平台?
raiffeisen-elba 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 raiffeisen-elba?
由 Oliver Drobnik(@odrobnik)开发并维护,当前版本 v1.4.4。
推荐 Skills