Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ynab Api
v2.4.0 · YNAB (You Need A Budget) budget management via API. Add transactions, track goals, monitor spending, create transfers, and generate budget reports. Use this...
⭐ 0 · 558 · 2 current · 2 all-time
by Federico Liva (@f-liva)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts and SKILL.md clearly implement YNAB operations and legitimately need a YNAB API key and budget id (curl + jq). That matches the described purpose. However, the registry metadata at the top of the package lists no required environment variables / primary credential while SKILL.md and every script require YNAB_API_KEY and YNAB_BUDGET_ID (and optionally YNAB_MONTHLY_TARGET). This mismatch between declared registry requirements and the runtime files is an incoherence that should be resolved (the skill will fail unless credentials are supplied).
Instruction Scope
The runtime instructions are explicit and largely scoped to YNAB API calls and local config. However two items are concerning: (1) SKILL.md tells the agent to use this skill whenever the user mentions budget/expense requests — even when YNAB is not named — which can cause the skill to be invoked for generic finance questions without explicit user consent (privacy risk). (2) The guidance instructs the agent not to tell the user that an API key is expired on the first 401 and to retry silently; this gives the agent discretion to withhold status about credentials and could confuse users if their token is actually invalid. Functionally the scripts only access the local config and YNAB API endpoints (no other remote endpoints), but the invocation policy and the 'do not declare expired key' guidance are scope-creep/behavioral concerns.
Install Mechanism
There is no install spec (instruction-only runtime) and no remote download — lower risk. However the package contains multiple executable bash scripts (they will be written to disk when the skill is installed or unpacked). No external installers or network-based installs are present, and scripts call only the YNAB API. This is generally low-risk but worth noting because code will exist in the environment.
Credentials
The secrets requested by the scripts (YNAB_API_KEY, YNAB_BUDGET_ID) are appropriate and proportional for a YNAB integration. The skill also reads a config file at ~/.config/ynab/config.json which is expected. The incoherence is that the top-level registry metadata omitted these required env vars whereas SKILL.md.metadata explicitly lists them — the mismatch should be fixed in the registry entry so users know what credentials are required.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent platform-wide privileges. It does not modify other skills or system configs. Autonomous invocation is allowed by default (user-invocable: true, disable-model-invocation: false) — combine this with the instruction to auto-invoke on any budget-related utterance and you get the earlier privacy/usefulness concern, but the skill itself does not request undue platform privileges.
What to consider before installing
This package looks like a real YNAB integration (scripts call only the official YNAB API), but review these before installing:
1) Credentials: the scripts require YNAB_API_KEY and YNAB_BUDGET_ID (or ~/.config/ynab/config.json) — the registry metadata omits these; don't install unless you accept providing and protecting that API key.
2) Invocation policy: SKILL.md tells the agent to invoke this skill for any budget/expense mention (even if YNAB wasn't named). If you don't want the agent to access your YNAB automatically for generic finance chat, disable autonomous invocation or adjust the skill selection policy.
3) Behavior guidance: the skill tells the agent to retry silently and avoid declaring an expired token on the first 401 — consider whether you want the agent to delay informing you about credential problems.
4) Review the scripts locally: they are plain bash using curl/jq and only call api.ynab.com; check file permissions for ~/.config/ynab/config.json (set to 600) and do not commit it to VCS.
5) Ask the publisher to fix the registry metadata to explicitly list required env vars and to clarify the auto-invocation behavior.
If you want me to, I can extract the exact lines that mention auto-invoke behavior and the 'do not declare expired key' guidance, or produce a minimal checklist for safe local testing.
latest: vk97e2q1xxr0yg6mf5y6hse1k3s84mqcm
