copilot-money
Warn
Audited by Socket on Mar 24, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill's finance purpose is coherent, but it relies on an unofficial third-party CLI from PyPI and uses invasive browser token extraction to access highly sensitive financial data. The main concern is trust and credential handling, not confirmed malware.
Confidence: 89%Severity: 76%
Audit Metadata