Starling Bank
Risk rating: Warn
Audited by ClawScan on May 10, 2026.
Overview
This banking skill is disclosed and purpose-aligned, but it requires a Starling access token and can perform high-impact financial changes without documented confirmation or scope limits.
Only install this if you fully trust the starling-bank-mcp package and are comfortable giving an agent access to your Starling account. Use the narrowest possible token scopes, avoid enabling payment/write permissions unless necessary, require explicit confirmation for every money movement or account change, and do not store banking details in general agent memory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unconfirmed high-impact financial operations
Impact: If the agent calls the wrong tool or uses wrong arguments, it could send money, remove payees, move savings funds, or lock/unlock cards.
Detail: These are high-impact financial and account-control operations, and the artifacts do not document confirmation, amount limits, payee verification, or rollback controls before the agent uses them.
Evidence (from SKILL.md): `payment_create` | Send money to a payee ... `payee_delete` | Delete a payee ... `card_lock_update` | Enable or disable (lock/unlock) a card
Recommendation: Require explicit user confirmation for every payment or account-changing action, verify payee and amount details, and prefer read-only access unless mutations are truly needed.
Finding 2: Unbounded bank access token
Impact: A broadly scoped token could allow access to sensitive banking information and account-changing actions through the MCP server.
Detail: The skill requires a bank access token capable of Starling API operations, but the provided metadata declares no primary credential or required environment variable, and the token scopes are not bounded in the artifacts.
Evidence (from SKILL.md): Requires the starling-bank-mcp npm package and a Starling personal access token ... --env STARLING_BANK_ACCESS_TOKEN="YOUR_TOKEN"
Recommendation: Use the least-privileged Starling token possible, avoid payment/write scopes unless needed, revoke the token when done, and declare the credential requirement clearly in metadata.
Finding 3: Persistent storage of banking details
Impact: Banking identifiers or account details could persist beyond the current task and be reused or exposed in later sessions.
Detail: The skill instructs persistent storage of banking account details without specifying user consent, retention, minimization, encryption, or when the stored data should be deleted.
Evidence (from SKILL.md): Store account details in your memory/config for future use
Recommendation: Do not store banking details in general agent memory; if needed, store only minimal IDs in a secure user-controlled config and provide a clear deletion path.
Finding 4: Unpinned external MCP server outside the reviewed artifacts
Impact: The actual code handling the bank token and API calls is outside this review and may change if installed without a pinned version.
Detail: The skill relies on a globally installed, unpinned npm MCP server that is not included in the reviewed artifact set; this is central to the stated purpose but should be verified by the user.
Evidence (from SKILL.md): npm i -g starling-bank-mcp
Recommendation: Inspect the npm package, pin a trusted version, and install only from a verified source before providing a banking token.
