pp-lunch-money

Facilitates transaction management and subscription audits using Lunch Money's OpenAPI, enhancing personal finance tracking.

Security score: 82/100

The pp-lunch-money skill was audited on Jun 10, 2026 and we found 6 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium line 345

Webhook reference - potential data exfiltration

Source: SKILL.md
345: | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) |

medium line 347

Webhook reference - potential data exfiltration

Source: SKILL.md
347: Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr.

medium line 333

Access to hidden dotfiles in home directory

Source: SKILL.md
333: Entries are stored locally at `~/.lunch-money-pp-cli/feedback.jsonl`. They are never POSTed unless `LUNCH_MONEY_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `LUNCH_MONEY_FEEDBACK_AUTO_SE

low line 119

External URL reference

Source: SKILL.md
119: **balance-history** — View and update historical account balances. Balance history is what drives the [Net Worth](https://my.lunchmoney.app/net-worth) views in the Lunch Money app. Balance history is

low line 257

External URL reference

Source: SKILL.md
257: Surfaces local-detected subscription patterns (≥3 occurrences, monthly cadence) not yet flagged. Filter with jq for subscriptions over a threshold; the v2 API does not yet expose a recurring_items cre

low line 277

External URL reference

Source: SKILL.md
277: **Public API** (`api.lunchmoney.dev/v2`) — used by every top-level command. Get a bearer token from https://my.lunchmoney.app/developers and set it as `LUNCHMONEY_API_KEY`:

Scanned on Jun 10, 2026