Ledgi
Review
Audited by ClawScan on May 10, 2026.
Overview
Ledgi appears purpose-aligned, but it can read and modify personal finance-tracker data through a broad CLI/API-key setup, so users should review it before installing.
Only install this if you trust the Ledgi CLI source and are comfortable giving an agent access to your Ledgi finance-tracker data. Use a limited-scope API key if possible, review any curl-to-bash installer before running it, and ask the agent to show and confirm all account, holding, snapshot, or ISA changes before it runs write commands.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or from an ambiguous user request, the agent could create or update multiple Ledgi records or log deposits that affect the user's finance-tracking data.
The skill's allowed-tools give the agent every `ledgi` subcommand (Bash(ledgi *)), and its instructions document write and bulk-write commands that can change the user's personal finance-tracker records, but nothing in the skill requires an explicit user confirmation or a preview of the changes before these mutations run.
allowed-tools: Bash(ledgi *), Bash(echo *), Write ... ledgi accounts bulk-upsert --file /tmp/accounts.json ... ledgi holdings bulk-upsert --file /tmp/holdings.json ... ledgi isa deposit --account-id ACCOUNT_ID --amount 5000
Require clear user confirmation before any write, bulk-upsert, snapshot creation, or ISA deposit; preview the exact changes first; and consider narrowing allowed commands to documented read/write subcommands.
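One way to apply that recommendation is to put a small gate between the agent and the CLI. The script below is an added example, not code from Ledgi, from the skill or from ClawScan. It assumes a `ledgi <resource> <verb> ...` layout and a read-only verb list (`list get show export`); both are guesses, because the review only quotes the write commands. Read-only verbs run directly; for anything else the wrapper prints the payload file named by `--file`, requires a typed `yes` on stdin, and only then invokes the binary named by `LEDGI_BIN`.

```sh
#!/usr/bin/env sh
# Added example: a confirmation gate in front of the Ledgi CLI.
# Not part of Ledgi or the skill. The read-only verb list and the
# "<resource> <verb>" layout are assumptions based only on the commands
# quoted in this review (accounts/holdings bulk-upsert, isa deposit).

LEDGI_BIN="${LEDGI_BIN:-ledgi}"

# Verbs treated as read-only (assumed names). Everything else is a write.
READ_ONLY_VERBS="list get show export"

# Returns 0 if the verb is on the read-only allowlist, 1 otherwise.
is_read_only_verb() {
  for v in $READ_ONLY_VERBS; do
    [ "$1" = "$v" ] && return 0
  done
  return 1
}

# Picks the verb out of "<resource> <verb> ..."; empty if absent.
verb_of() {
  printf '%s\n' "${2:-}"
}

# If the arguments carry "--file <path>", print that file so the user
# sees exactly which records a bulk-upsert would write.
preview_payload() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "--file" ] && [ -n "${2:-}" ]; then
      echo "--- payload: $2 ---"
      cat -- "$2"
      echo "--- end payload ---"
      return 0
    fi
    shift
  done
  return 0
}

# guard_ledgi <args...>: run read-only commands directly; for any other
# command, preview the change and require an explicit "yes" on stdin.
# Exit status: 0 = command ran, 2 = refused (nothing was executed).
guard_ledgi() {
  verb=$(verb_of "$@")
  if is_read_only_verb "$verb"; then
    "$LEDGI_BIN" "$@"
    return $?
  fi
  echo "About to run a WRITE command: ledgi $*"
  preview_payload "$@"
  printf 'Type yes to continue: '
  read -r answer
  if [ "$answer" != "yes" ]; then
    echo "Aborted; no changes made." >&2
    return 2
  fi
  "$LEDGI_BIN" "$@"
}
```

Pointing the skill at a wrapper like this instead of at Bash(ledgi *) narrows what the agent can run without a human in the loop; the allowlist, not the denylist, is the part worth getting right, since any verb you forget to list is treated as a write and gated.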
A Ledgi API key may allow the agent to read and modify personal finance-tracker data according to the key's scopes.
The skill needs Ledgi account credentials to access finance data. This is expected for the stated purpose, but users should understand that the credential can authorize sensitive read and write operations.
The `LEDGI_API_KEY` environment variable must be set, or the user must have run `ledgi login --api-key ledgi_sk_...`
Use a least-privilege Ledgi API key where possible, avoid pasting keys into chat, rotate/revoke keys when no longer needed, and verify which scopes are granted.
If the remote installer changes or the source is compromised, installing the CLI could run unexpected local code.
The setup instruction pipes a remote shell installer fetched from an unpinned GitHub main-branch URL straight into bash. This is user-directed and related to the CLI's purpose, but the installer itself is not among the reviewed artifacts, so whatever it executes was not examined, and the script can change between the review and the moment a user runs it.
curl -fsSL https://raw.githubusercontent.com/LedgiApp/ledgi-cli/main/install.sh | bash
Install from a verified release when available, review the installer before running it, and prefer pinned versions or checksums.
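The safer install pattern this recommendation describes, written out as an added example rather than anything the Ledgi project publishes: fetch the installer to a file from a commit-pinned URL, compare its SHA-256 against a value recorded after reviewing the script, and run it only on a match. The commit SHA and the expected checksum are placeholders (assumptions) to be replaced with values from a source you trust, such as a release page or a hash you computed yourself after reading the script.

```sh
#!/usr/bin/env sh
# Added example: pinned, checksummed installation instead of curl | bash.
# The commit SHA and checksum are placeholders (assumptions), not values
# published by the Ledgi project. Replace them with values you trust.

REPO="LedgiApp/ledgi-cli"
PINNED_REF="${PINNED_REF:-0000000000000000000000000000000000000000}"  # placeholder commit SHA
INSTALLER_URL="https://raw.githubusercontent.com/${REPO}/${PINNED_REF}/install.sh"

# SHA-256 of a file; works with GNU coreutils (sha256sum) and BSD/macOS (shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_checksum <file> <expected_sha256>: 0 on match, 1 otherwise.
verify_checksum() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# fetch_installer <url> <dest>: download to a file, never straight into a shell.
# --proto '=https' and --tlsv1.2 refuse plaintext or downgraded transports.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# install_pinned <expected_sha256>: download, verify, then run.
install_pinned() {
  expected="$1"
  tmp=$(mktemp)
  if ! fetch_installer "$INSTALLER_URL" "$tmp"; then
    echo "download failed: $INSTALLER_URL" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_checksum "$tmp" "$expected"; then
    echo "checksum mismatch for $INSTALLER_URL; refusing to run it" >&2
    rm -f "$tmp"
    return 1
  fi
  # The file matches the hash recorded after review, so run exactly that script.
  sh "$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Usage (after filling in PINNED_REF and the hash):
#   install_pinned <sha256-you-recorded-after-reviewing-install.sh>
```

Pinning to a commit rather than `main` means the URL cannot silently start serving different content, and the checksum catches the remaining case where the host itself is compromised or the download is tampered with in transit. Recording the hash only after reading the script is what makes the check meaningful; a hash copied from the same unreviewed page proves nothing.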
