← Back to Skills Marketplace

Manage PocketSmith transactions, categories, budgets and financial data

Name: Manage PocketSmith transactions, categories, budgets and financial data
Author: lextoumbourou

by lextoumbourou · GitHub ↗ · vv1.0.0

cross-platform ✓ Security Clean

1371

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install pocketsmith-skill

Description

Manage PocketSmith transactions, categories, and financial data via the API

Usage Guidance

This skill appears to do exactly what it says: a CLI for the PocketSmith API. Before installing, consider: (1) the developer key gives access to your PocketSmith account — only install if you trust the skill and source; (2) write operations are disabled by default — only set POCKETSMITH_ALLOW_WRITES=true when you intend to perform adds/edits/deletes; (3) the package depends on httpx and will make network calls to api.pocketsmith.com (expected); (4) if you want additional assurance, review the GitHub repo referenced in the README yourself, or create a scoped developer key in PocketSmith for use with this skill and store it securely in your environment. No evidence of hidden endpoints, unrelated credential requests, or filesystem exfiltration was found.

Capability Analysis

Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 5 The OpenClaw AgentSkills skill bundle for PocketSmith is benign. It provides a CLI for managing PocketSmith financial data via its official API. The skill correctly retrieves the `POCKETSMITH_DEVELOPER_KEY` from environment variables for authentication and explicitly protects all write operations (create, update, delete) by requiring the `POCKETSMITH_ALLOW_WRITES=true` environment variable, as seen in `src/pocketsmith/cli.py` and documented in `SKILL.md` and `README.md`. All network communication is directed to the legitimate PocketSmith API at `https://api.pocketsmith.com/v2` (defined in `src/pocketsmith/client.py`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in any of the provided files.

Capability Assessment

✓ Purpose & Capability

Name/description, SKILL.md, README, IMPLEMENTATION_NOTES and source files consistently implement a PocketSmith CLI using the PocketSmith API (base URL https://api.pocketsmith.com/v2). The only required env var is POCKETSMITH_DEVELOPER_KEY which matches the stated auth method.

✓ Instruction Scope

Runtime instructions and CLI commands only reference the PocketSmith API and local CLI invocation. They do not instruct reading unrelated system files, scanning other credentials, or transmitting data to third‑party endpoints. Write operations require an explicit POCKETSMITH_ALLOW_WRITES=true opt‑in.

✓ Install Mechanism

No registry install spec is present; repository contains a normal pyproject.toml (httpx dependency) and standard CLI entrypoint. There are no downloads from arbitrary URLs, no extract-from-unknown-host steps, and no obfuscated install actions.

✓ Credentials

Only POCKETSMITH_DEVELOPER_KEY is required and POCKETSMITH_ALLOW_WRITES is an optional safety flag. No unrelated secrets or multiple service credentials are requested. The code reads exactly these env vars.

✓ Persistence & Privilege

Skill does not request always:true, does not modify other skills or global agent config, and only performs API calls. Autonomous invocation is allowed by platform default but the skill itself does not grant elevated persistent privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install pocketsmith-skill
After installation, invoke the skill by name or use /pocketsmith-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

vv1.0.0

Initial release of the PocketSmith skill. - Manage transactions and categories via the PocketSmith API: list, search, create, update, and delete (writes off by default). - Extensive CLI commands for handling authentication, transactions, categories, labels, and budget/forecast data. - Read and write separation enforced using `POCKETSMITH_ALLOW_WRITES` environment variable for safety. - Output in JSON; consistent use of `YYYY-MM-DD` date format. - Documentation includes examples, command filters, and common financial workflows.

Metadata

Slug pocketsmith-skill

Version v1.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 1

Frequently Asked Questions

What is Manage PocketSmith transactions, categories, budgets and financial data?

Manage PocketSmith transactions, categories, and financial data via the API. It is an AI Agent Skill for Claude Code / OpenClaw, with 1371 downloads so far.

How do I install Manage PocketSmith transactions, categories, budgets and financial data?

Run "/install pocketsmith-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Manage PocketSmith transactions, categories, budgets and financial data free?

Yes, Manage PocketSmith transactions, categories, budgets and financial data is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Manage PocketSmith transactions, categories, budgets and financial data support?

Manage PocketSmith transactions, categories, budgets and financial data is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Manage PocketSmith transactions, categories, budgets and financial data?

It is built and maintained by lextoumbourou (@lextoumbourou); the current version is vv1.0.0.

More Skills