Trust Assessment
ynab received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned third-party CLI dependency, Arbitrary YNAB API access via CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned third-party CLI dependency: The skill installs the `@stephendolan/ynab-cli` package globally via `npm` without specifying a version. This allows for arbitrary version updates, which could introduce breaking changes, vulnerabilities, or malicious code if the package maintainer's account is compromised or a malicious update is pushed. This poses a significant supply chain risk. Pin the dependency to a specific, known-good version (e.g., `@stephendolan/ynab-cli@1.2.3`) to ensure deterministic and secure installations. Regularly review and update the pinned version after verifying its integrity. | LLM | SKILL.md:5 |
| HIGH | Arbitrary YNAB API access via CLI: The skill exposes `ynab api GET` and `ynab api POST` commands, allowing it to make arbitrary requests to the YNAB API. This grants the skill excessive permissions, potentially enabling it to perform any action supported by the YNAB API, including those not explicitly listed or intended for the skill's functionality. This broad access increases the attack surface if the skill is compromised or misused, as it can bypass more granular command restrictions. Restrict the skill's capabilities to only the specific YNAB CLI commands required for its intended functionality. Avoid exposing generic API access commands like `ynab api GET/POST` unless absolutely necessary and with strict input validation and sanitization to limit the scope of possible actions. | LLM | SKILL.md:71 |