Actual Budget

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill's instructions are consistent with its stated Actual Budget purpose, but it requires budget credentials and can make synced financial changes, so users should approve any writes explicitly.

Before installing, make sure you trust the environment where Node.js and `@actual-app/api` will run. Store Actual credentials securely, back up your budget, and require explicit confirmation before any import, account change, rule/schedule creation, bank sync, or `api.sync()` operation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could create, update, import, close, or sync budget data in a way that changes the user's financial records.

Why it was flagged

The skill supports high-impact financial write operations, but it also instructs the agent to get or rely on explicit user approval before applying mutations.

Skill content

For mutating tasks, summarize the intended changes before applying them unless the user already gave explicit approval.
Recommendation

Require a clear summary and explicit confirmation before any write, sync, bank-sync, import, account-close, rule, schedule, or budget-change action.

What this means

Anyone or any process with these values could access the user's budget data and potentially modify it through the Actual API.

Why it was flagged

The skill requires credentials that grant access to the user's Actual Budget instance and selected budget file. This is expected for the purpose, but it is sensitive account access.

Skill content

`ACTUAL_SERVER_URL` | Yes | Actual server URL ...
`ACTUAL_PASSWORD` | Yes | Server password ...
`ACTUAL_SYNC_ID` | Yes | Budget Sync ID
Recommendation

Provide credentials only through a trusted local environment or wrapper, keep them out of chat and repositories, and use the least-privileged setup available.

What this means

Budget details, transaction histories, account names, and exports are private financial data that could be exposed in responses, logs, or local cache files if mishandled.

Why it was flagged

The instructions acknowledge that financial records, exports, and secrets may enter the agent context or outputs, and they direct redaction by default.

Skill content

Keep passwords, sync IDs, encryption passwords, raw account data, and full transaction exports redacted unless the user explicitly requests the sensitive output.
Recommendation

Ask for summaries when possible, avoid sharing full exports unless necessary, and protect or clean up the configured Actual data cache.

What this means

Version mismatches can make it harder to verify exactly which skill package was reviewed or installed.

Why it was flagged

The local metadata version (1.0.2) differs from the registry metadata version shown as 1.0.4, which is a minor packaging/provenance inconsistency. This mismatch by itself shows no malicious behavior.

Skill content

"version": "1.0.2"
Recommendation

Confirm the installed skill version and install only the disclosed official `@actual-app/api` package from npm, preferably with version pinning in your own environment.