plaid

Review

Audited by ClawScan on May 10, 2026.

Overview

This Plaid skill is coherent and purpose-aligned, but it handles Plaid API credentials and stores the access tokens that unlock linked financial accounts, so install it only if you trust the external CLI it wraps and can protect its token storage.

Before installing, make sure you trust the github.com/jverdi/plaid-cli module, because it will handle your Plaid credentials and the financial data they unlock. Prefer sandbox credentials for testing, keep the ~/.plaid-cli directory readable only by your own user, do not ask the agent to print access tokens or paste them into logs or chat, and set up cron monitoring only if you intentionally want ongoing, unattended transaction checks.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the API credentials or the access tokens stored under ~/.plaid-cli are exposed, whoever holds them can read balances and transactions for every linked account through the Plaid API. A Plaid API call needs the client ID, the secret and an access token together, and access tokens do not expire on their own, so a leak stays exploitable until the affected Items are removed, the token is invalidated, or the secret is rotated in the Plaid dashboard.

Why it was flagged

The skill requires Plaid API credentials (PLAID_CLIENT_ID, PLAID_SECRET) and stores access tokens under ~/.plaid-cli. This is expected for a Plaid CLI, but it means the host running the skill holds everything needed to read linked financial account data.

Skill content
Export `PLAID_CLIENT_ID`, `PLAID_SECRET`, and `PLAID_ENVIRONMENT` ... Data directory: `~/.plaid-cli` (stores tokens and aliases).
Recommendation

Use sandbox credentials when possible, keep ~/.plaid-cli at mode 700 with its files at mode 600, avoid sharing logs or terminal output that may contain tokens, and only use production Plaid credentials when you understand the access being granted and know how to revoke it (remove the Item or rotate the secret in the Plaid dashboard).
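The following pre-flight script enforces these recommendations before plaid-cli is invoked and adds a redaction filter for anything that leaves the terminal. It is an added example, not code from the skill or from plaid-cli. Assumptions: PLAID_ENVIRONMENT takes the values sandbox or production, PLAID_ALLOW_PRODUCTION is an opt-in switch invented here, the token and alias files under ~/.plaid-cli are ordinary files whose names the skill does not specify, and the token patterns follow the access-/public-/link-<env>-<uuid> format from Plaid's documentation.

```shell
#!/bin/sh
# Added example, not part of the skill or plaid-cli. Run plaid_preflight before
# the agent is allowed to call plaid-cli; pipe anything you share through
# redact_plaid_secrets. Assumptions: PLAID_ENVIRONMENT is "sandbox" or
# "production", PLAID_ALLOW_PRODUCTION=1 is our own opt-in switch, and the
# token/alias files under ~/.plaid-cli are plain files (names not specified).

plaid_preflight() {
  # usage: plaid_preflight [DATA_DIR]   (default: ~/.plaid-cli)
  pf_dir=${1:-"$HOME/.plaid-cli"}
  pf_rc=0

  # 1. Credentials must already be in the environment; the agent should never
  #    be handed them in a prompt.
  if [ -z "${PLAID_CLIENT_ID:-}" ] || [ -z "${PLAID_SECRET:-}" ]; then
    echo "preflight: export PLAID_CLIENT_ID and PLAID_SECRET first" >&2
    pf_rc=1
  fi

  # 2. Sandbox by default; production only with an explicit opt-in.
  case "${PLAID_ENVIRONMENT:-}" in
    sandbox) ;;
    production)
      if [ "${PLAID_ALLOW_PRODUCTION:-0}" != 1 ]; then
        echo "preflight: production needs PLAID_ALLOW_PRODUCTION=1 (real account data)" >&2
        pf_rc=1
      fi ;;
    *)
      echo "preflight: PLAID_ENVIRONMENT must be sandbox or production, got '${PLAID_ENVIRONMENT:-}'" >&2
      pf_rc=1 ;;
  esac

  # 3. The token store must exist and be owner-only (drwx------, i.e. chmod 700).
  if [ ! -d "$pf_dir" ]; then
    echo "preflight: data directory $pf_dir does not exist" >&2
    return 1
  fi
  pf_mode=$(ls -ld "$pf_dir" | cut -c1-10)
  case "$pf_mode" in
    d???------) ;;
    *) echo "preflight: $pf_dir is $pf_mode, expected drwx------ (chmod 700)" >&2; pf_rc=1 ;;
  esac

  # 4. No token or alias file may be readable or writable by group/others
  #    (-perm -NNN matches when all bits in NNN are set; 040/004 read, 020/002 write).
  pf_bad=$(find "$pf_dir" -type f \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \))
  if [ -n "$pf_bad" ]; then
    echo "preflight: group/other-accessible files under $pf_dir, chmod 600 them:" >&2
    echo "$pf_bad" >&2
    pf_rc=1
  fi

  return $pf_rc
}

redact_plaid_secrets() {
  # Filter for logs, transcripts and agent output. Plaid access, public and
  # link tokens have the documented shape <kind>-<env>-<uuid>; the client
  # secret is masked by its literal value (Plaid secrets are hex strings, so
  # there are no sed metacharacters to escape).
  sed -E \
    -e 's/(access|public|link)-(sandbox|production|development)-[0-9a-fA-F-]{8,}/\1-\2-[REDACTED]/g' \
    -e "s/${PLAID_SECRET:-__no_secret_set__}/[REDACTED_SECRET]/g"
}

# Typical use, with plaid-cli's own arguments in place of "...":
#   . ./plaid-guard.sh && plaid_preflight && plaid-cli ... 2>&1 | redact_plaid_secrets
```

The checks run as the user, so they catch the common mistakes (directory created with the default umask, a token file copied with 644, production credentials exported out of habit) rather than an attacker who already has the user's privileges; the redaction filter is for the output you hand to an agent, a ticket or a log shipper, not a substitute for keeping the tokens off disk where you can.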

What this means

The installed binary will receive the Plaid credentials and every stored access token, so a compromised or untrusted upstream package could exfiltrate them or the account data they unlock.

Why it was flagged

The skill installs an external Go CLI that was not included in the provided artifacts. The version is pinned, which fixes which source gets fetched but says nothing about what that source does, and the dependency is central to the skill's stated purpose.

Skill content
go | module: github.com/jverdi/plaid-cli@0.0.2 | creates binaries: plaid-cli
Recommendation

Install only if you trust the upstream plaid-cli project, and consider reviewing the module source (the Go toolchain keeps the exact fetched copy in its module cache) before using it with production credentials.
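An added example (not part of the skill or the plaid-cli project) that turns this recommendation into a check: it reads the build metadata the Go toolchain embeds in every binary and confirms that the main module is github.com/jverdi/plaid-cli at the pinned version with a recorded checksum and that no dependency was swapped out by a replace directive. It assumes the release is tagged v0.0.2 (the install spec writes 0.0.2; Go module versions carry a leading v); the metadata samples used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not part of the skill or plaid-cli. Checks that the plaid-cli
# binary on PATH was built from the pinned module by reading the build metadata
# the Go toolchain embeds in every binary (go version -m). Assumes the pinned
# release is tagged v0.0.2 (the install spec says 0.0.2; Go module versions
# carry a leading v).

PLAID_CLI_MODULE=github.com/jverdi/plaid-cli

# check_plaid_cli_build WANT_VERSION   reads `go version -m <binary>` on stdin
# exit 0: main module is $PLAID_CLI_MODULE@WANT_VERSION with an h1: checksum
#         and no dependency was swapped out by a replace directive
check_plaid_cli_build() {
  awk -F "$(printf '\t')" -v module="$PLAID_CLI_MODULE" -v want="$1" '
    # Metadata lines are tab-indented, so $1 is empty and $2 is the keyword:
    #   \tmod\t<path>\t<version>\t<h1:sum>     the main module
    #   \tdep\t<path>\t<version>\t<h1:sum>     a dependency
    #   \t=>\t<path>\t<version>\t<h1:sum>      replacement for the dep above
    #   \tbuild\t<key>=<value>                 build settings (flags, VCS info)
    # A main module of "(devel)" with an empty sum means a local build, not the
    # published module, and fails the version/sum comparison below.
    $2 == "mod" {
      if ($3 == module && $4 == want && $5 ~ /^h1:/) {
        found = 1
      } else {
        printf "main module is %s %s (sum %s), wanted %s %s with h1: sum\n", $3, $4, $5, module, want > "/dev/stderr"
      }
    }
    $2 == "=>" {
      replaced = 1
      print "dependency replaced by " $3 " " $4 ": not the code the module pins" > "/dev/stderr"
    }
    $2 == "build" && $3 ~ /^-ldflags=/ {
      print "note: custom linker flags: " $3 > "/dev/stderr"
    }
    END { exit (found && !replaced) ? 0 : 1 }
  '
}

# Executed directly as: sh check-plaid-cli.sh /path/to/plaid-cli v0.0.2
# (does nothing when sourced or run without arguments)
if [ "$#" -eq 2 ]; then
  go version -m "$1" | check_plaid_cli_build "$2"
fi
```

Run it as `go version -m "$(command -v plaid-cli)" | check_plaid_cli_build v0.0.2` after `go install github.com/jverdi/plaid-cli@v0.0.2`. The source the toolchain actually compiled sits in the module cache at `$(go env GOMODCACHE)/github.com/jverdi/plaid-cli@v0.0.2`; that copy, not the repository's default branch, is the one to read before trusting the binary with production credentials, and `govulncheck -mode binary "$(command -v plaid-cli)"` reports known vulnerabilities in the dependency versions the binary embeds. The h1: checksum only shows that the build used the bytes the module proxy and checksum database served for that tag (assuming GOSUMDB and GONOSUMDB were left at their defaults); it says nothing about whether those bytes are benign.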

What this means

A scheduled job keeps pulling transaction data with the stored credentials after the conversation that set it up has ended, with no one watching what it does with the output.

Why it was flagged

The skill documents an optional recurring polling workflow. This is user-directed and purpose-aligned, but it can create ongoing background access to financial transaction data if the user configures cron.

Skill content
Monitor transactions ... Poll a rolling window ... Use cron for scheduling.
Recommendation

Only create cron jobs intentionally, keep them narrowly scoped (specific accounts, a bounded rolling window, an end date), remember that cron mails or logs whatever the job prints, and remove them when monitoring is no longer needed.
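As an added example (not from the skill), a wrapper that the cron entry runs instead of plaid-cli itself, which makes the recommendation enforceable: an end date after which the job refuses to run, no overlapping runs, and credentials loaded from an owner-only file rather than from the crontab line. plaid-cli's subcommands are not part of the reviewed material, so the actual monitoring command is passed through as arguments; the expiry, lock-directory and env-file parameters are this example's own.

```shell
#!/bin/sh
# Added example, not part of the skill or plaid-cli: a wrapper that cron runs
# instead of calling plaid-cli directly. It enforces the "narrowly scoped,
# removed when done" recommendation mechanically: the job refuses to run after
# an agreed end time, never overlaps itself, and reads credentials from an
# owner-only env file rather than the crontab line (cron logs the CMD line to
# syslog, so secrets on that line end up in logs). The monitoring command is
# passed through as arguments because plaid-cli's subcommands are not part of
# the reviewed material.
#
# usage: plaid_monitor_wrapper EXPIRES_AT_EPOCH LOCK_DIR ENV_FILE COMMAND [ARGS...]
# returns: the command's exit status, or 3 (expired), 4 (env file unsafe), 5 (locked)

plaid_monitor_wrapper() {
  mw_expires=$1; mw_lock=$2; mw_env=$3; shift 3

  # 1. Hard end date: a job set up for "a few weeks" stops on its own instead
  #    of polling account data indefinitely. Exit 3 is the signal to delete
  #    the crontab entry.
  mw_now=$(date +%s)
  if [ "$mw_now" -ge "$mw_expires" ]; then
    echo "monitor: window ended at epoch $mw_expires; remove the crontab entry" >&2
    return 3
  fi

  # 2. PLAID_* values come from a file only the owner can read (-rw-------).
  #    The file is executed as shell below, which is why its mode is checked first.
  case "$(ls -l "$mw_env" 2>/dev/null | cut -c1-10)" in
    -??-------) ;;
    *) echo "monitor: $mw_env missing or not owner-only (chmod 600)" >&2; return 4 ;;
  esac

  # 3. One poll at a time. mkdir is atomic, so a run that is still talking to
  #    the API blocks the next tick instead of doubling the traffic.
  if ! mkdir "$mw_lock" 2>/dev/null; then
    echo "monitor: previous run still holds $mw_lock" >&2
    return 5
  fi

  # 4. Export the credentials to the child command, run it, release the lock
  #    whether or not it succeeded, and pass its status back to cron.
  set -a; . "$mw_env"; set +a
  mw_rc=0
  "$@" || mw_rc=$?
  rmdir "$mw_lock"
  return $mw_rc
}
```

Put the call in a small script of its own, for example `plaid_monitor_wrapper "$EXPIRES" /tmp/plaid-monitor.lock "$HOME/.plaid-cli/monitor.env" plaid-cli ...` with the skill's monitoring arguments in place of "...", and schedule only that script (`0 8 * * * /home/me/bin/plaid-monitor.sh`). Compute the expiry once, when the job is created (with GNU date: `date -d '+30 days' +%s`), and when the wrapper starts returning 3, delete the line with `crontab -e`. Whatever the job prints is mailed or logged by cron, so keep the monitoring command's output to what you actually want recorded.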