← Back to Skills Marketplace
davideasaf

Monarch Money

by David Asaf · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
2188
Downloads
1
Stars
3
Active Installs
2
Versions
Install in OpenClaw
/install monarch-money
Description
TypeScript library and CLI for Monarch Money budget management. Search transactions by date/merchant/amount, update categories, list accounts and budgets, manage authentication. Use when user asks about Monarch Money transactions, wants to categorize spending, needs to find specific transactions, or wants to automate budget tasks.
Usage Guidance
This package appears coherent for a Monarch Money CLI, but it requires highly sensitive credentials (password + full TOTP/MFA secret). Before installing: (1) verify the source/maintainer since the registry 'Source: unknown' provides no upstream homepage; (2) review the bundled code yourself (or inspect the CaptchaAvoidanceService/CaptchaHandler files) if you are concerned about automation that attempts to circumvent interactive protections; (3) prefer using a throwaway or limited account if you must supply credentials/MFA secret for automation; (4) note that the tool stores session data in ~/.mm/session.json and saves an email to ~/.mm/cli-config.json — check file permissions and delete sessions when no longer needed; (5) be careful running the bundled tests or the 'test' command with write-enabled flags (--allow-writes or --all), as E2E write tests will modify real account data. If you need higher assurance, ask the publisher for provenance (homepage/repo) or run the CLI in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill Name: monarch-money Version: 1.0.1 The OpenClaw AgentSkills skill bundle for Monarch Money is a well-structured Node.js CLI and library designed for legitimate interaction with the Monarch Money API. It handles sensitive user credentials (email, password, MFA secret) as required for its stated purpose, storing session and cache data locally in encrypted files with appropriate permissions (`~/.mm/session.json`, `~/.mm/cache.json`). The use of `child_process.spawn` in `cli/commands/test.ts` is limited to running internal E2E tests and is explicitly guarded for write operations, indicating a developer tool rather than malicious intent. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or other documentation.
Capability Assessment
Purpose & Capability
Name/description (Monarch Money CLI & library) match the files and commands provided. The required environment variables (MONARCH_EMAIL, MONARCH_PASSWORD, MONARCH_MFA_SECRET) are exactly what a headless/automated client would need to log in and perform the described operations. The code targets api.monarch.com consistently (no unexpected remote endpoints).
Instruction Scope
SKILL.md + CLI code stay within the stated domain: listing/updating transactions, categories, accounts, and managing auth. The CLI reads and writes a local session at ~/.mm/session.json and a small cli-config at ~/.mm/cli-config.json (expected). Doctor/doctorCommand performs network connectivity checks to the declared API. Two items to be aware of: (1) documentation suggests disabling/re-enabling MFA to obtain the TOTP secret (this is an operational security risk / user action, not hidden code), and (2) the test command can run E2E tests (optionally write-capable) which will exercise the real API and may modify data if invoked with flags.
Install Mechanism
Install uses the packaged Node module (package: ".") and exposes a binary 'monarch-money'. No external arbitrary downloads, URL shorteners, or remote extract operations are present in the install metadata. This is a standard npm-style install of bundled code.
Credentials
The skill requests only authentication-related secrets (email, password, MFA TOTP secret). Those are sensitive but proportionate to a CLI that must authenticate and perform writes on the user's Monarch account. Users should understand the high sensitivity of MONARCH_MFA_SECRET (full TOTP secret) — providing it grants persistent ability to generate codes. No unrelated credentials or surplus environment variables are requested.
Persistence & Privilege
always:false (not force-included). The skill persists session state under ~/.mm which is appropriate for a CLI that reuses sessions. It does not request system-wide changes or modify other skills' configs. The package can be invoked by the agent autonomously per platform defaults, but that is not unique to this skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install monarch-money
  3. After installation, invoke the skill by name or use /monarch-money
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Phase 5 republish with updated docs
v1.0.0
- Initial release of the monarch-money TypeScript library and CLI for Monarch Money budget management - Search and filter transactions by date, merchant, or amount; update categories and merchant names; add notes - List accounts, retrieve account details, and list or lookup categories - Full authentication flow with environment variable support and MFA via TOTP secret - Includes CLI commands for budget tasks, session management, and diagnostics (doctor command) - TypeScript library allows programmatic access to budget data and automation of tasks
Metadata
Slug monarch-money
Version 1.0.1
License
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is Monarch Money?

TypeScript library and CLI for Monarch Money budget management. Search transactions by date/merchant/amount, update categories, list accounts and budgets, manage authentication. Use when user asks about Monarch Money transactions, wants to categorize spending, needs to find specific transactions, or wants to automate budget tasks. It is an AI Agent Skill for Claude Code / OpenClaw, with 2188 downloads so far.

How do I install Monarch Money?

Run "/install monarch-money" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Monarch Money free?

Yes, Monarch Money is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Monarch Money support?

Monarch Money is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Monarch Money?

It is built and maintained by David Asaf (@davideasaf); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments