Copilot Money Skill
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its finance purpose, but it asks users to install an unofficial CLI that reads browser session tokens and accesses sensitive financial data without reviewable code or declared credential scope.
Review this carefully before installing. The functionality is relevant to Copilot Money, but the tool is unofficial, unreviewed in this artifact set, and designed to read browser session storage for a financial-service token. Install only if you trust the package, understand where the token is stored, and are comfortable exposing Copilot Money balances, transactions, holdings, and refresh capability to the CLI and agent session.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installed tool could access your Copilot Money account and sensitive financial information using a browser-derived session token.
The skill directs use of a tool that extracts a financial-service session/refresh token from local browser storage. This is high-impact credential access, and the registry metadata declares no primary credential or required config paths.
The CLI auto-detects your Copilot Money refresh token from supported browsers on macOS... reads your browser's local IndexedDB storage to find your Copilot Money session token.
Only use this if you trust the package and understand the credential access. Prefer manual token entry if the CLI offers it, inspect the package source first, and revoke or rotate the Copilot Money session if you stop using it: a refresh token typically stays valid after the browser tab is closed, so closing the browser alone does not end the CLI's access.
You would be trusting an unreviewed third-party package with access to financial credentials and account data.
The reviewed skill is instruction-only and sends users to install an external CLI package. Because that package is not included in the artifacts, its handling of browser tokens and financial data cannot be reviewed here.
pip install copilot-money-cli
Verify the package maintainer and source repository, download the exact version and read its code before installing, pin that version (with hashes) in an isolated environment, and only then let it read browser session storage.
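One way to carry out the static review recommended above, as an added example that is not part of the ClawScan report or the copilot-money-cli project: fetch the source distribution without installing it, unpack it, and grep it for code paths that touch browser profile storage before deciding whether to install. The pattern list, the sample sdist the script builds for offline demonstration, and the COPILOT_MONEY_TOKEN variable name in the clean variant are assumptions made for the example; nothing here reflects the real package's contents.

```shell
#!/usr/bin/env sh
# Added example (not from the ClawScan report or copilot-money-cli): static triage
# of a downloaded Python sdist for browser-storage access before installation.
# Assumption: the archive was fetched without installing, e.g.
#   pip download <package>==<version> --no-deps --no-binary :all: -d ./review
set -eu

# Strings that indicate reading browser profiles, cookies, or session storage.
# Assumption: illustrative list, not exhaustive; extend for your environment.
BROWSER_ACCESS_PATTERNS='IndexedDB|leveldb|Local Storage|Cookies|Login Data|Google/Chrome|Firefox|Safari|keyring'

# Prints "path:line:text" for every matching line in the archive.
# Returns 0 if at least one hit was found, 1 if the archive looks clean.
scan_sdist_for_browser_access() {
  archive="$1"
  workdir="$(mktemp -d)"
  tar -xzf "$archive" -C "$workdir"
  # -r recursive, -n line numbers, -E extended regex, -I skip binary files
  hits="$(grep -r -n -E -I "$BROWSER_ACCESS_PATTERNS" "$workdir" | sed "s#^$workdir/##" || true)"
  rm -rf "$workdir"
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 0
  fi
  return 1
}

# Number of matching lines, for use in scripted go/no-go decisions.
count_browser_access_hits() {
  scan_sdist_for_browser_access "$1" | wc -l | tr -d ' '
}

# Builds a constructed sample sdist so the scan can be demonstrated offline.
# Variant "browser" mimics a CLI that reads browser storage; "clean" reads an
# explicit environment variable instead. Neither is the real package.
make_sample_sdist() {
  out="$1"
  variant="${2:-browser}"
  src="$(mktemp -d)"
  pkg="$src/sample_cli-0.1.0"
  mkdir -p "$pkg/sample_cli"
  if [ "$variant" = "browser" ]; then
    cat > "$pkg/sample_cli/token.py" <<'EOF'
import os
# Constructed for the example: mimics a CLI that reads browser storage.
CHROME_IDB = os.path.expanduser("~/Library/Application Support/Google/Chrome/Default/IndexedDB")
FIREFOX_PROFILES = os.path.expanduser("~/Library/Application Support/Firefox/Profiles")
def find_token():
    return CHROME_IDB
EOF
  else
    cat > "$pkg/sample_cli/token.py" <<'EOF'
import os
# Constructed clean variant: token supplied explicitly (hypothetical variable name).
def find_token():
    return os.environ.get("COPILOT_MONEY_TOKEN")
EOF
  fi
  cat > "$pkg/setup.py" <<'EOF'
from setuptools import setup
setup(name="sample_cli", version="0.1.0")
EOF
  tar -czf "$out" -C "$src" sample_cli-0.1.0
  rm -rf "$src"
}
```

Run the scan against the real archive you downloaded and read every hit in context; a match is a prompt to read the surrounding code, not a verdict by itself. Once the code has been reviewed, install that exact version pinned by hash (`pip install --require-hashes -r requirements.txt`) inside a dedicated virtualenv, so the interpreter permitted to read browser storage is not the one used for everything else.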
If invoked, the tool may contact financial institutions through Copilot Money to refresh linked account data.
The CLI can trigger a refresh of all linked bank connections. This is aligned with the stated finance-sync purpose, but it is still an account-affecting external action.
copilot-money refresh # Refresh all bank connections
Run refresh commands only when you intend to sync bank data, and confirm which Copilot Money account/session the CLI is using.
Account balances, transactions, net worth, and holdings could appear in chat context or command output.
The skill is designed to retrieve highly sensitive personal finance data into the agent or terminal context. This is purpose-aligned, but users should treat the outputs as private.
Query Copilot Money personal finance data (accounts, transactions, net worth, holdings, asset allocation)
Avoid using this skill in shared sessions, do not paste outputs into unrelated tools, and be careful with JSON exports or saved transcripts.
