pp-monarch-money
Warn
Audited by Socket on May 20, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is broadly aligned with its stated Monarch Money purpose and requested credentials are proportionate, but it requires installing and trusting an external CLI via mutable installers and enables financial record mutations. No clear credential-harvesting or off-purpose exfiltration is shown, so this looks more like a moderate supply-chain and real-world-action risk than confirmed malware.
Confidence: 81%Severity: 58%
Audit Metadata