Kubera
Pass. Audited by ClawScan on May 10, 2026.
Overview
The skill is a straightforward Kubera API client, but it handles very sensitive financial data and can update records when given write credentials.
Install only if you trust the skill with Kubera financial data. Use a read-only API key for analysis, reserve write-enabled keys for deliberate updates, and verify any '--confirm' update command before allowing it to run.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with these credentials may be able to read sensitive financial portfolio information, and write-capable credentials can update Kubera records.
The skill needs Kubera API credentials that can grant access to the user's financial account data, and possibly write access depending on the key permissions.
export KUBERA_API_KEY="your-api-key"
export KUBERA_SECRET="your-api-secret"
...
Read-only is recommended unless updates are needed.
Use a read-only Kubera API key unless updates are explicitly needed, store credentials in a secrets manager or environment variables, and avoid passing secrets on the command line.
If a write-enabled key is used and the agent supplies '--confirm', Kubera item values, names, costs, or descriptions can be changed.
The script can perform a POST update to a Kubera asset or debt item, but it requires a confirm flag before executing the write.
if not args.confirm:
    print(f"Update item {args.item_id} with: {json.dumps(body)}", file=sys.stderr)
    print("Add --confirm to execute this write operation.", file=sys.stderr)
    sys.exit(1)
result = make_request(api_key, secret, f"/api/v3/data/item/{args.item_id}", method="POST", body=body)

Only allow update commands after checking the item ID and new values, and require explicit user confirmation before the agent uses '--confirm'.
Detailed financial holdings, debts, insurance, and documents could become visible to the AI session, terminal output, or logs when raw JSON is requested.
The raw portfolio endpoint can return highly sensitive financial and document-related data, which the script may print into the agent's context or logs.
Full portfolio data including all assets, debts, insurance, documents.
Use narrower commands such as 'summary', 'assets', or 'search' when possible, and only request full JSON in trusted sessions where sensitive output handling is acceptable.
Users have less external context for verifying who maintains the skill or where updates come from.
The registry metadata does not provide an upstream source or homepage to verify provenance, although the included script is visible and the static scan reported clean.
Source: unknown
Homepage: none
Review the included script before use, pin the installed version, and prefer trusted distribution channels for future updates.
