Tmp.QxTMN6G9ww
Warn
Audited by ClawScan on May 16, 2026.
Overview
The skill matches its Credit Karma transaction-analysis purpose, but it requires full session cookies, runs an external unreviewed MCP package, and stores sensitive financial data locally.
Review this carefully before installing. It may be useful for Credit Karma spending analysis, but only use it if you trust the external creditkarma-mcp package with your logged-in Credit Karma session and are comfortable storing detailed financial transactions on your local machine.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any code with access to that cookie may be able to act as the signed-in Credit Karma user until the session expires or is revoked.
The skill asks for a full signed-in Credit Karma session cookie, including refresh-capable tokens, and stores it. That is high-impact account authority and is broader than a clearly scoped read-only credential.
Call `ck_set_session` with your Cookie header to store credentials and enable auto-refresh... CKAT carries the access + refresh JWTs
Only use this with code you have audited or strongly trust; prefer a scoped token if available, store the cookie securely, and rotate/sign out after use.

A changed or compromised npm package could access the user's Credit Karma session cookie or locally synced financial records.
The setup runs an external npm package without pinning a version in the example. The reviewed skill contains no MCP server code, yet that external package would receive Credit Karma session cookies and financial data.
"command": "npx", "args": ["-y", "creditkarma-mcp"]
Pin and verify the package version, review the source before use, and avoid giving session cookies to unreviewed code.

Detailed financial history may remain on the device and could be read later by other local processes, backups, or future agent tasks.
The skill persists sensitive transaction history, including raw JSON, in a local database but does not document the path, retention period, encryption, access controls, or cleanup steps.
syncs transactions into a local SQLite database... transactions (id, date, description, status, amount, account_id, category_id, merchant_id, raw_json)
Document and review where the database is stored, protect it with appropriate file permissions or encryption, and provide a clear deletion/cleanup procedure.

The agent may retrieve more transaction detail than the user expected if prompts are vague or broad.
The raw SQL tool is disclosed and limited to SELECT, so it is purpose-aligned, but an unscoped query can still return the user's entire local financial history.
`ck_query_sql(sql)`: Read-only SQL query against the local database (SELECT only)
Use specific date ranges, merchants, or categories when querying, and avoid broad SQL queries unless you intend to review the full dataset.
