技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 1 · 1.5k · 0 current installs · 0 all-time installs
⭐ 1
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:revolut-business
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
This appears to be a legitimate Revolut Business CLI, but there are inconsistencies and some scope creep (it looks for other .env files and the registry metadata omits required environment variables), so review before installing or running.
目的
The skill's name, README, SKILL.md and scripts implement a Revolut Business CLI and only require python3 — that matches the stated purpose. However the registry metadata claims no required environment variables/primary credential even though the code expects REVOLUT_CLIENT_ID and REVOLUT_ISS_DOMAIN and stores keys/tokens under ~/.clawdbot/revolut. The omission in metadata is an inconsistency.
说明范围
SKILL.md and setup.py largely stay within the Revolut onboarding and API usage flow (generate RSA key, upload X509 cert, OAuth code exchange, token refresh). But the runtime code includes a load_env() routine that will read other .env files (e.g., ~/clawd/.env and a parent-path .env) to populate credentials if not set in the environment — this reads user workspace env files outside the skill's directory and could surface unrelated secrets. set…
安装机制
No external install spec or remote downloads — the skill is instruction+script based and uses standard Python libraries (PyJWT, cryptography). Nothing is being fetched from untrusted URLs or executed from arbitrary archives in the manifest.
证书
The functionality legitimately needs a client ID, issuer domain and a private key/certificate. But the registry metadata doesn't declare the required env vars (REVOLUT_CLIENT_ID, REVOLUT_ISS_DOMAIN). Additionally, load_env() attempts to read unrelated .env files (e.g. ~/clawd/.env or a .env found by walking up directories), which is disproportionate for this CLI and risks accidentally exposing unrelated secrets.
持久
The skill does not request always:true and does not modify other skills or system-wide settings. It persists credentials under ~/.clawdbot/revolut which is appropriate for a CLI; ensure the directory and files have tight permissions.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Revolut Business」。简介:Revolut Business API CLI — accounts, balances, transactions, counterparties, pa…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/christianhaberl/revolut-business/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: revolut
description: "Revolut Business API CLI — accounts, balances, transactions, counterparties, payments, FX exchange, CSV export. Auto-refreshes OAuth tokens. Business accounts only (not personal)."
version: 1.0.0
metadata: {"clawdbot":{"emoji":"💶","requires":{"bins":["python3"]}}}
---
# Revolut Business API
Full CLI for **Revolut Business** — accounts, transactions, payments, FX, exports.
**Entry point:** `python3 {baseDir}/scripts/revolut.py`
## Setup
### Interactive Setup Wizard (recommended)
```bash
python3 {baseDir}/scripts/setup.py
```
Walks you through everything: key generation, Revolut certificate upload, OAuth callback, authorization.
### Manual Setup
- Python 3.10+, `pip install PyJWT cryptography`
- Revolut Business account with API certificate
- See [README](https://github.com/christianhaberl/revolut-openclaw-skill) for detailed step-by-step guide
### Credentials
Stored in `~/.clawdbot/revolut/`:
- `private.pem` — RSA private key (for JWT signing)
- `certificate.pem` — X509 cert (uploaded to Revolut)
- `tokens.json` — OAuth tokens (auto-managed)
- `config.json` — client ID, domain, redirect URI
Environment variables (in `.env`):
- `REVOLUT_CLIENT_ID` — from Revolut API settings
- `REVOLUT_ISS_DOMAIN` — your redirect URI domain (without https://)
## Commands
### Accounts & Balances
```bash
python3 {baseDir}/scripts/revolut.py accounts # List all accounts with balances
python3 {baseDir}/scripts/revolut.py balance # Total EUR balance
python3 {baseDir}/scripts/revolut.py accounts --json # JSON output
```
### Transactions
```bash
python3 {baseDir}/scripts/revolut.py transactions # Last 20
python3 {baseDir}/scripts/revolut.py tx -n 50 # Last 50
python3 {baseDir}/scripts/revolut.py tx --since 2026-01-01 # Since date
python3 {baseDir}/scripts/revolut.py tx --since 2026-01-01 --to 2026-01-31
python3 {baseDir}/scripts/revolut.py tx -a Main # Filter by account
python3 {baseDir}/scripts/revolut.py tx --type card_payment # Filter by type
python3 {baseDir}/scripts/revolut.py tx --json # JSON output
```
Transaction types: `card_payment`, `transfer`, `exchange`, `topup`, `atm`, `fee`, `refund`
### Counterparties
```bash
python3 {baseDir}/scripts/revolut.py counterparties # List all
python3 {baseDir}/scripts/revolut.py cp --name "Lisa" # Search by name
python3 {baseDir}/scripts/revolut.py cp --json
```
### Payments
```bash
# Send payment (with confirmation prompt)
python3 {baseDir}/scripts/revolut.py pay -c "Lisa Dreischer" --amount 50.00 --currency EUR -r "Lunch"
# Create draft (no immediate send)
python3 {baseDir}/scripts/revolut.py pay -c "Lisa Dreischer" --amount 50.00 --draft -r "Lunch"
# Skip confirmation
python3 {baseDir}/scripts/revolut.py pay -c "Lisa Dreischer" --amount 50.00 -y
```
### Currency Exchange
```bash
python3 {baseDir}/scripts/revolut.py exchange --amount 100 --sell EUR --buy USD
python3 {baseDir}/scripts/revolut.py fx --amount 500 --sell EUR --buy GBP
```
### Internal Transfers
```bash
python3 {baseDir}/scripts/revolut.py transfer --from-account <ID> --to-account <ID> --amount 100
```
### Export (CSV)
```bash
python3 {baseDir}/scripts/revolut.py export # Print CSV to stdout
python3 {baseDir}/scripts/revolut.py export -n 200 -o transactions.csv # Save to file
python3 {baseDir}/scripts/revolut.py export --since 2026-01-01 -o jan.csv
```
### Token Status
```bash
python3 {baseDir}/scripts/revolut.py token-info
```
## Token Auto-Refresh
- Access tokens expire after ~40 minutes
- Automatically refreshed using the refresh token before API calls
- No manual intervention needed after initial auth
## Security Notes
- Private key and tokens are stored in `~/.clawdbot/revolut/` — treat as sensitive
- Payments require explicit confirmation (use `--yes` to skip)
- `--draft` creates payment drafts that need approval in Revolut app
- Never share your private key, tokens, or client assertion JWT