Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Copilot Money Skill

v1.1.2

Query Copilot Money personal finance data (accounts, transactions, net worth, holdings, asset allocation) and refresh bank connections. Use when the user asks about finances, account balances, recent transactions, net worth, investment allocation, or wants to sync/refresh bank data.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md documents a CLI that lists accounts, transactions, net worth and can refresh bank connections. Obtaining a Copilot Money refresh token (from the browser or manual entry) and storing a local config file is consistent with the described functionality.
Instruction Scope
The instructions tell the agent/user to run a third-party CLI (copilot-money) and use commands like `config init` which will auto-detect a refresh token by reading browser IndexedDB on macOS. Reading browser storage is sensitive but is explicitly tied to acquiring the service token; the SKILL.md does not instruct the agent to read unrelated files or exfiltrate arbitrary data.
Install Mechanism
There is no platform install spec; SKILL.md instructs `pip install copilot-money-cli`. Installing a PyPI package is a reasonable delivery mechanism, but the package itself is external and not included in the skill bundle — you should verify the package's publisher/source before installing.
Credentials
The skill declares no environment variables, which is fine. However it relies on local credentials (a Copilot Money refresh token) that the CLI may extract from browser IndexedDB and stores config at `~/.config/copilot-money/config.json`. Access to browser storage and a persistent token file is sensitive but proportionate to the stated purpose.
Persistence & Privilege
always:false (normal). The CLI will persist a token/config file in the user's home config directory; writing its own config is expected, but this creates a persistent credential on disk that you should protect and consider when granting access.
Assessment
This skill is internally consistent with a Copilot Money CLI: it needs a refresh token and offers an auto-detect feature that reads browser IndexedDB on macOS and saves a token to ~/.config/copilot-money/config.json. Before installing or running it:

1) verify the copilot-money-cli package source (PyPI project page, repository, author) and inspect the code if possible;
2) prefer manual token entry if you do not want any tool scanning your browser storage;
3) run the CLI in an isolated environment (VM/container) if you are unsure;
4) check and restrict file permissions on the saved config file, and be prepared to revoke the refresh token from Copilot Money if needed;
5) avoid granting the skill or agent blanket access to your machine’s browser profiles or system if you don’t trust the package.

Because this is an instruction-only skill that points to an external package, uncertainty about the third-party code is the main reason confidence is not high.


