Plugin v1.3.2
ClawScan security
Yoshi Finance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 14, 2026, 6:51 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin appears to do what it claims — a set of Yoshi finance workflow instructions that depend on an MCP OAuth connection — but the setup flow will write tokens/scripts to your home directory and add a cron job, so you should review those actions before installing.
- Guidance: This plugin is internally coherent for a personal-finance connector: the analysis and workflow skills call a Yoshi MCP API as advertised. Key things to consider before installing:
  1. The yoshi-setup skill will store OAuth tokens (access_token and refresh_token) in ~/.yoshi-mcp-state.json and create ~/.yoshi-mcp-refresh.sh plus a cron entry to refresh tokens. These are sensitive artifacts — inspect the exact files, their permissions, and the cron job before running them.
  2. The setup suggests installing third-party CLIs (mcporter via npm); verify the upstream project and package source before npm installing globally.
  3. If you run OpenClaw on a hosted server, the manual flow will result in long-lived tokens on that server; consider whether you prefer the local mcporter flow instead, or to keep refresh scripts under your own control.
  4. Confirm the domain used (agents.yoshi.ai) is the expected service for your usage.
  5. If you want additional assurance, ask the maintainer for a signed release, or run the setup steps manually line by line rather than blindly pasting the provided scripts/cron entry.
Review Dimensions
- Purpose & Capability (ok): The name/description (personal finance: setup, spending analysis, budgeting, goals, investments, debt optimization) match the included SKILL.md files and the small extension bootstrap. The tasks and required CLI tools (mcporter, curl, jq, openclaw) are coherent with performing an OAuth MCP setup and calling the Yoshi API; nothing requests unrelated cloud/provider credentials or unrelated system access.
- Instruction Scope (concern): Most runtime SKILL.md files only describe calling Yoshi MCP tools and explicitly claim they do not store user data on disk. However, the yoshi-setup skill contains detailed instructions that write sensitive state to disk (~/.yoshi-mcp-state.json), create an executable refresh script (~/.yoshi-mcp-refresh.sh), set restrictive permissions, and add a cron entry. Those setup actions are within the scope of establishing persistent OAuth access, but they contradict the repeated 'does not store any data on disk' reassurance in other skills and materially expand the agent's actions beyond in-conversation reads.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and a tiny no-op extension file. That minimizes installer risk. The setup flow suggests installing mcporter via npm if missing (npm install -g mcporter) — installing a third-party CLI is expected for the local OAuth flow but is an external dependency the user should validate before running.
- Credentials (note): The bundle does not require unrelated environment variables. It does, however, instruct storing and using sensitive credentials (access_token and refresh_token) in a local state file and updating the OpenClaw MCP config with a bearer token. Storing those tokens is necessary for the intended persistent MCP connection, but it is sensitive and should be done intentionally by the user. No other unrelated secrets are requested.
- Persistence & Privilege (concern): The setup flow creates persistent artifacts (state file, refresh script) and schedules a cron job to run every 45 minutes. Although this persistence is justifiable for token refresh, it does modify the user's crontab and home directory. The skill is not marked always:true and does not autonomously install itself, but it does ask the user to enable ongoing background refresh behavior, which increases its persistence and potential blast radius if misused.
