
Copilot Money: why it is not safe to use

Copilot Money reads your finance data locally by default, but live and write modes reuse a stored Copilot session token and can edit your transactions.

What we found

Our scan gave Copilot Money a **warn** verdict (score 78/100). The good news first: in its default mode the MCP server makes zero network requests and reads only your local Copilot finance cache. We found no hardcoded secrets, no shell or file-deletion commands, no obfuscated logic, and no privilege escalation. The README is honest that whichever AI model provider you connect will see your finance data.

The caution is about opt-in modes. The `--live-reads` and `--write` flags make authenticated HTTPS calls to your own `app.copilot.money` account (never a third party), and they do so by reading the Firebase refresh token already stored in your logged-in browser session. That is genuine access to a saved session credential. The `--write` flag also exposes 17 tools that can change your own transactions and budgets.

What to do instead

Run it in the default offline mode unless you specifically need live data. Leave `--write` off until you trust the setup. Remember that your connected AI provider sees whatever finance data you expose, so choose that provider with care.
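One practical way to enforce the advice above is to audit the MCP client configuration that launches the server and flag any entry that passes `--live-reads` or `--write`. The script below is an added example, not code from the project or from this review; it assumes the common client config shape (`{"mcpServers": {name: {"command": ..., "args": [...]}}}`), identifies the server heuristically by the substring `copilot-money` in its command or arguments, and the command names in the sample config are constructed, not taken from the project.

```python
"""Audit an MCP client config for Copilot Money server entries that are launched
with the opt-in flags the review cautions about (--live-reads, --write).

Added example. Assumptions: the config uses the common client shape
{"mcpServers": {name: {"command": ..., "args": [...]}}} and a Copilot Money
entry can be recognised by the substring "copilot-money" in command or args."""
import json

# The two opt-in flags named in the review and why each one matters.
RISKY_FLAGS = {
    "--live-reads": "authenticated calls to app.copilot.money using the stored session token",
    "--write": "exposes tools that can modify your transactions and budgets",
}


def _is_copilot_money(server: dict) -> bool:
    """Heuristic (assumption): the entry launches the Copilot Money MCP server."""
    parts = [str(server.get("command", ""))] + [str(a) for a in server.get("args", [])]
    return any("copilot-money" in p for p in parts)


def audit_mcp_config(config: dict) -> list[dict]:
    """Return one finding per Copilot Money entry that passes a risky flag.

    Each finding records the server name, the sorted list of risky flags found,
    and the review's reason for flagging each of them.
    """
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        if not isinstance(server, dict) or not _is_copilot_money(server):
            continue
        args = server.get("args", [])
        if not isinstance(args, list):
            continue
        # Accept both "--flag" and "--flag=value" spellings.
        present = {str(a).split("=", 1)[0] for a in args}
        hits = sorted(present & set(RISKY_FLAGS))
        if hits:
            findings.append({
                "server": name,
                "flags": hits,
                "reasons": [RISKY_FLAGS[f] for f in hits],
            })
    return findings


# Constructed sample config; the command names are assumed, not the project's own.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "copilot-money-offline": {"command": "copilot-money-mcp", "args": []},
    "copilot-money-live":    {"command": "copilot-money-mcp", "args": ["--live-reads"]},
    "copilot-money-write":   {"command": "npx", "args": ["copilot-money-mcp", "--live-reads", "--write"]},
    "other-tool":            {"command": "other-mcp", "args": ["--write"]}
  }
}
""")

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{finding['server']}: {', '.join(finding['flags'])}")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

Point `audit_mcp_config` at the parsed contents of your own client's config file; an empty result means every Copilot Money entry runs in the default offline mode. The `other-tool` entry in the sample is deliberately left alone because a `--write` flag on an unrelated server says nothing about this one.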


Source: https://github.com/ignaciohermosillacornejo/copilot-money-mcp

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.
