Ynab Api

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate YNAB helper, but it should go to Review because it can change live budget records from broad finance prompts without built-in confirmation.

Install only if you want an agent to access your YNAB budget and potentially modify records. Before any add, transfer, or approval action, verify the exact account, payee, date, amount, category, and whether the request should use YNAB at all. Keep the YNAB token private, restrict the config file permissions, and be careful with scheduled reports because their output may expose personal financial details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises shell-based script execution but does not declare corresponding permissions, which creates a transparency and policy gap. In a finance-management skill, undeclared shell capability increases the risk of unreviewed local command execution, file access, and misuse of secrets such as API tokens.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README prominently describes actions that mutate a live YNAB budget, such as adding transactions and creating transfers, but does not warn users that these operations affect real financial data. In an agentic context, this increases the chance of accidental writes or user misunderstanding, which can corrupt budget records or trigger unintended financial workflow changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to place a long-lived YNAB API token in a config file or environment variable without any guidance on protecting that credential. If the token is exposed through weak file permissions, shell history, logs, backups, or repository commits, an attacker could access and modify the user's financial data via the YNAB API.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger text is extremely broad and can activate on generic personal-finance phrases like 'add an expense' or 'check my budget' even when the user did not explicitly ask to use YNAB. Because this skill can modify financial records, overbroad invocation materially increases the chance of unintended API actions against a user's budget.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description markets convenience for common budgeting requests but does not clearly warn that the skill can create transactions, approve pending items, and create transfers through a live financial API. Users may reasonably interpret casual prompts as informational, leading to unintentional modification of financial records.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The add-transaction flow performs a state-changing POST that creates a financial record immediately after collecting user input, with no review or confirmation step. In a finance-management skill, accidental or misdirected writes are more dangerous because they can corrupt budget data, create misleading spending records, and trigger downstream automation or reporting errors.

Vague Triggers

High
Confidence
97% confidence
Finding
The manifest description contains very broad trigger phrases such as generic expense, spending, and budget requests, which can cause the skill to activate for financial tasks the user did not explicitly intend for YNAB. In this context, overbroad routing is dangerous because the skill is capable of creating or modifying personal financial records, so accidental invocation could lead to unauthorized or incorrect budget changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages transaction and transfer creation via API without requiring an explicit warning or confirmation before modifying financial data. In a budgeting context, silent write actions can alter records, distort reports, and create user harm if the request was ambiguous or the agent inferred the wrong account, category, or amount.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: ynab-api
description: "YNAB (You Need A Budget) budget management via API. Add transactions, track goals, monitor spending, create transfers, and generate budget reports. Use this skill whenever the user mentions YNAB, budget tracking, spending analysis, budget goals, Age of Money, or wants to manage their personal finances -- even if they just say 'add an expense', 'how much did I spend', 'check my budget', or 'upcoming bills' without naming YNAB explicitly. Also use for automated budget reports and financial summaries."
user-invocable: true
metadata: {"requiredEnv": ["YNAB_API_KEY", "YNAB_BUDGET_ID"]}
---
Confidence
78% confidence
Finding
create transfers, and generate budget reports. Use this skill whenever the user mentions YNAB, budget tracking, spending analysis, budget goals, Age of Money, or wants to manage their personal finance

VirusTotal

66/66 vendors flagged this skill as clean.
