ynab-mcp-server
Provides an MCP (Model Context Protocol) server for YNAB that exposes the YNAB API as MCP tools, auto-generating tools from YNAB’s OpenAPI spec via FastMCP. It uses a YNAB personal access token (env var) to authenticate requests and includes support for common CRUD operations across users, budgets, accounts, categories, transactions, payees, scheduled transactions, and budget months.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses a YNAB personal access token provided via environment variable (reduces hardcoding risk), but the README does not describe token scope/least privilege, how errors are handled (avoid leaking token), or whether requests/logs redact secrets. Also, exposing many endpoints as MCP tools increases the blast radius if an agent is misconfigured.
⚡ Reliability
Best When
You want a locally-run MCP bridge from an AI tool (Claude Desktop/Cursor/OpenCode) to the YNAB API, and you can safely manage a YNAB personal access token.
Avoid When
You need a hosted/SaaS service with stronger operational guarantees, or you require fine-grained permissioning beyond what YNAB’s token provides.
Use Cases
- • Let an AI assistant query YNAB budgets, balances, categories, and transactions
- • Automate bookkeeping workflows (e.g., list unapproved transactions, summarize spend by category)
- • Create/update/delete transactions and payees through an agent workflow
- • Generate higher-level analyses by combining multiple MCP tool calls
Not For
- • Bulk or fully automated transaction rewriting without human review
- • Systems that require real-time data push via webhooks (none indicated)
- • Use in environments where storing a long-lived YNAB token in an environment variable is unacceptable
Interface
Authentication
The README indicates token-based auth using a single environment variable; it does not describe scope granularity or token permissions.
Pricing
Pricing for the repository itself is not stated (it appears to be open source). Any costs would come from using YNAB API access (if applicable) and your infrastructure for running the server.
Agent Metadata
Known Gotchas
- ⚠ Write-capable tools (create/update/delete/import transactions) can cause irreversible changes if the agent is not constrained to safe flows
- ⚠ Token leakage risk if env var is logged or mishandled by the host runtime
- ⚠ Auto-exposing all YNAB endpoints increases the chance the agent uses an unexpected endpoint unless you restrict tool availability
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for ynab-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.