← 返回 Skills 市场
Revolut Business
作者
christianhaberl
· GitHub ↗
· v1.0.1
1719
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install revolut-business
功能描述
Revolut Business API CLI — accounts, balances, transactions, counterparties, payments, FX exchange, CSV export. Auto-refreshes OAuth tokens. Business accounts only (not personal).
安全使用建议
What to consider before installing/running:
- Provenance: the skill's source is listed as unknown; the README points to a GitHub repo. Prefer installing or running code from a known, trusted upstream and compare the files to that upstream repo.
- Metadata mismatch: the code requires REVOLUT_CLIENT_ID and REVOLUT_ISS_DOMAIN and creates private.pem/certificate.pem/tokens.json, but the registry metadata does not declare these env vars/credentials — treat this as a red flag and verify values yourself.
- Sensitive files: the skill will generate and store an RSA private key and OAuth tokens in ~/.clawdbot/revolut. Set strict filesystem permissions (chmod 700 ~/.clawdbot/revolut, chmod 600 private.pem/tokens.json) and only run on machines you control.
- Unexpected .env access: the code tries to load a .env from ~/clawd/.env and a parent-directory .env as a fallback. If you have other secrets in such files, the skill may read them. Either remove/lock those .env files or edit the script to stop reading them before running.
- Interactive setup behaviors: setup.py runs local shell commands (openssl, clipboard utilities), queries ifconfig.me for the public IP, and opens browsers. Run setup interactively on a secure host and inspect the script if you have concerns.
- Review JWT claims/audience: the scripts set aud to https://revolut.com and call the b2b API; this is consistent in the included code but verify with Revolut docs for your account.
- Least privilege: don't run this on a shared CI runner or multi-user server where other users could access ~/.clawdbot/revolut. Consider running inside a dedicated VM or container.
If you are not comfortable, ask the publisher for the canonical repo URL and sign-off, or request that the skill metadata be corrected to list required env vars before installation.
功能分析
Type: OpenClaw Skill
Name: revolut-business
Version: 1.0.1
The OpenClaw Revolut Business skill is benign. It provides a CLI for the Revolut Business API, storing necessary credentials (private key, certificates, OAuth tokens) in the standard `~/.clawdbot/revolut/` directory. All network communication observed in `scripts/revolut.py` and `scripts/setup.py` is directed to the official Revolut Business API endpoint (`https://b2b.revolut.com/api/1.0`) or `ifconfig.me` for public IP discovery during setup. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md` to manipulate the AI agent into harmful actions.
能力评估
Purpose & Capability
The skill's name, README, SKILL.md and scripts implement a Revolut Business CLI and only require python3 — that matches the stated purpose. However the registry metadata claims no required environment variables/primary credential even though the code expects REVOLUT_CLIENT_ID and REVOLUT_ISS_DOMAIN and stores keys/tokens under ~/.clawdbot/revolut. The omission in metadata is an inconsistency.
Instruction Scope
SKILL.md and setup.py largely stay within the Revolut onboarding and API usage flow (generate RSA key, upload X509 cert, OAuth code exchange, token refresh). But the runtime code includes a load_env() routine that will read other .env files (e.g., ~/clawd/.env and a parent-path .env) to populate credentials if not set in the environment — this reads user workspace env files outside the skill's directory and could surface unrelated secrets. setup.py also runs shell commands (openssl, curl, clipboard tools) and performs network calls during interactive setup — expected for setup, but worth noting.
Install Mechanism
No external install spec or remote downloads — the skill is instruction+script based and uses standard Python libraries (PyJWT, cryptography). Nothing is being fetched from untrusted URLs or executed from arbitrary archives in the manifest.
Credentials
The functionality legitimately needs a client ID, issuer domain and a private key/certificate. But the registry metadata doesn't declare the required env vars (REVOLUT_CLIENT_ID, REVOLUT_ISS_DOMAIN). Additionally, load_env() attempts to read unrelated .env files (e.g. ~/clawd/.env or a .env found by walking up directories), which is disproportionate for this CLI and risks accidentally exposing unrelated secrets.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It persists credentials under ~/.clawdbot/revolut which is appropriate for a CLI; ensure the directory and files have tight permissions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install revolut-business - 安装完成后,直接呼叫该 Skill 的名称或使用
/revolut-business触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fix: description translated to English
v1.0.0
Initial release: Revolut Business API CLI — accounts, balances, transactions, counterparties, payments, FX exchange, CSV export. Auto-refreshes OAuth tokens.
元数据
常见问题
Revolut Business 是什么?
Revolut Business API CLI — accounts, balances, transactions, counterparties, payments, FX exchange, CSV export. Auto-refreshes OAuth tokens. Business accounts only (not personal). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1719 次。
如何安装 Revolut Business?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install revolut-business」即可一键安装,无需额外配置。
Revolut Business 是免费的吗?
是的,Revolut Business 完全免费(开源免费),可自由下载、安装和使用。
Revolut Business 支持哪些平台?
Revolut Business 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Revolut Business?
由 christianhaberl(@christianhaberl)开发并维护,当前版本 v1.0.1。
推荐 Skills