← 返回 Skills 市场
Monarch Money
作者
David Asaf
· GitHub ↗
· v1.0.1
2188
总下载
1
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install monarch-money
功能描述
TypeScript library and CLI for Monarch Money budget management. Search transactions by date/merchant/amount, update categories, list accounts and budgets, manage authentication. Use when user asks about Monarch Money transactions, wants to categorize spending, needs to find specific transactions, or wants to automate budget tasks.
安全使用建议
This package appears coherent for a Monarch Money CLI, but it requires highly sensitive credentials (password + full TOTP/MFA secret). Before installing: (1) verify the source/maintainer since the registry 'Source: unknown' provides no upstream homepage; (2) review the bundled code yourself (or inspect the CaptchaAvoidanceService/CaptchaHandler files) if you are concerned about automation that attempts to circumvent interactive protections; (3) prefer using a throwaway or limited account if you must supply credentials/MFA secret for automation; (4) note that the tool stores session data in ~/.mm/session.json and saves an email to ~/.mm/cli-config.json — check file permissions and delete sessions when no longer needed; (5) be careful running the bundled tests or the 'test' command with write-enabled flags (--allow-writes or --all), as E2E write tests will modify real account data. If you need higher assurance, ask the publisher for provenance (homepage/repo) or run the CLI in an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: monarch-money
Version: 1.0.1
The OpenClaw AgentSkills skill bundle for Monarch Money is a well-structured Node.js CLI and library designed for legitimate interaction with the Monarch Money API. It handles sensitive user credentials (email, password, MFA secret) as required for its stated purpose, storing session and cache data locally in encrypted files with appropriate permissions (`~/.mm/session.json`, `~/.mm/cache.json`). The use of `child_process.spawn` in `cli/commands/test.ts` is limited to running internal E2E tests and is explicitly guarded for write operations, indicating a developer tool rather than malicious intent. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or other documentation.
能力评估
Purpose & Capability
Name/description (Monarch Money CLI & library) match the files and commands provided. The required environment variables (MONARCH_EMAIL, MONARCH_PASSWORD, MONARCH_MFA_SECRET) are exactly what a headless/automated client would need to log in and perform the described operations. The code targets api.monarch.com consistently (no unexpected remote endpoints).
Instruction Scope
SKILL.md + CLI code stay within the stated domain: listing/updating transactions, categories, accounts, and managing auth. The CLI reads and writes a local session at ~/.mm/session.json and a small cli-config at ~/.mm/cli-config.json (expected). Doctor/doctorCommand performs network connectivity checks to the declared API. Two items to be aware of: (1) documentation suggests disabling/re-enabling MFA to obtain the TOTP secret (this is an operational security risk / user action, not hidden code), and (2) the test command can run E2E tests (optionally write-capable) which will exercise the real API and may modify data if invoked with flags.
Install Mechanism
Install uses the packaged Node module (package: ".") and exposes a binary 'monarch-money'. No external arbitrary downloads, URL shorteners, or remote extract operations are present in the install metadata. This is a standard npm-style install of bundled code.
Credentials
The skill requests only authentication-related secrets (email, password, MFA TOTP secret). Those are sensitive but proportionate to a CLI that must authenticate and perform writes on the user's Monarch account. Users should understand the high sensitivity of MONARCH_MFA_SECRET (full TOTP secret) — providing it grants persistent ability to generate codes. No unrelated credentials or surplus environment variables are requested.
Persistence & Privilege
always:false (not force-included). The skill persists session state under ~/.mm which is appropriate for a CLI that reuses sessions. It does not request system-wide changes or modify other skills' configs. The package can be invoked by the agent autonomously per platform defaults, but that is not unique to this skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install monarch-money - 安装完成后,直接呼叫该 Skill 的名称或使用
/monarch-money触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Phase 5 republish with updated docs
v1.0.0
- Initial release of the monarch-money TypeScript library and CLI for Monarch Money budget management
- Search and filter transactions by date, merchant, or amount; update categories and merchant names; add notes
- List accounts, retrieve account details, and list or lookup categories
- Full authentication flow with environment variable support and MFA via TOTP secret
- Includes CLI commands for budget tasks, session management, and diagnostics (doctor command)
- TypeScript library allows programmatic access to budget data and automation of tasks
元数据
常见问题
Monarch Money 是什么?
TypeScript library and CLI for Monarch Money budget management. Search transactions by date/merchant/amount, update categories, list accounts and budgets, manage authentication. Use when user asks about Monarch Money transactions, wants to categorize spending, needs to find specific transactions, or wants to automate budget tasks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2188 次。
如何安装 Monarch Money?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install monarch-money」即可一键安装,无需额外配置。
Monarch Money 是免费的吗?
是的,Monarch Money 完全免费(开源免费),可自由下载、安装和使用。
Monarch Money 支持哪些平台?
Monarch Money 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Monarch Money?
由 David Asaf(@davideasaf)开发并维护,当前版本 v1.0.1。
推荐 Skills