ClawHub

Monarch Money

Security checks across malware telemetry and agentic risk

Overview

This skill transparently connects to Monarch Money to read financial data and refresh linked accounts, but the saved local session should be treated like a sensitive financial login token.

Install only on a trusted machine. Protect ~/.monarchmoney/mm_session.pickle, do not share or sync it to untrusted storage, delete it when you no longer need the skill, and review the monarchmoney Python package before entering Monarch credentials. Run the refresh command only when you intentionally want all linked accounts synced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger text includes a broad catch-all phrase for 'any personal finance query,' which can cause the skill to activate more often than necessary and route sensitive financial requests into this integration by default. In a finance skill, overbroad activation increases the chance of unnecessary access to highly sensitive account and transaction data, especially when narrower intent matching would suffice.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to store a long-lived authenticated Monarch Money session in a local pickle file that persists for months, but does not warn about the sensitivity of that token or the risks of local theft and unsafe deserialization. Because this skill handles financial data, compromise of the session file could enable unauthorized access to accounts, transactions, budgets, and refresh actions without re-authentication.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists an authenticated Monarch Money session to a predictable file under the user's home directory, but it does not warn the user that long-lived financial authentication material is being stored locally or ensure restrictive file permissions. If another local user, malware, backup system, or unintended process can read that file, they may be able to reuse the session to access sensitive financial data without re-entering credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal