Manage PocketSmith transactions, categories, budgets and financial data
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent PocketSmith API skill, but it handles a financial API key and can change or delete financial records if write mode is enabled.
This skill does not show malicious behavior in the provided artifacts. Install it only if you trust the source, keep your PocketSmith developer key protected, and keep POCKETSMITH_ALLOW_WRITES disabled unless you intentionally want the agent to modify or delete financial records.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this configured key can access PocketSmith data through the skill according to the key's permissions.
The skill requires a PocketSmith developer key to access the user's financial account data. This is expected for the stated API integration, but the credential is sensitive.
`POCKETSMITH_DEVELOPER_KEY` - Your PocketSmith developer key
Store the developer key securely, revoke it if no longer needed, and avoid sharing agent logs or configuration files that might contain it.
If write mode is enabled, mistaken or overly broad agent instructions could modify or delete PocketSmith transactions or categories.
The skill can create, update, and delete financial records when write mode is explicitly enabled. The default-off control is a useful safeguard, but the capability is high impact.
`POCKETSMITH_ALLOW_WRITES` - Set to `true` to enable create, update, and delete operations (disabled by default for safety)
Leave POCKETSMITH_ALLOW_WRITES unset unless you are actively making changes, and review transaction or category IDs carefully before allowing updates or deletes.
Future installs may resolve to newer dependency versions than the author originally tested.
The package depends on an externally resolved Python dependency range rather than a pinned lockfile in the provided artifacts. This is common for Python projects but is still a supply-chain consideration.
```toml
dependencies = [
    "httpx>=0.27.0",
]
```
Install from a trusted source and consider using a lockfile or pinned dependency set in sensitive environments.
