{"id":"rgarcia-ynab-mcp-server","name":"ynab-mcp-server","homepage":null,"repo_url":"https://github.com/rgarcia/ynab-mcp-server","category":"ai-ml","subcategories":[],"tags":["mcp","ynab","finance","automation","python","fastmcp","api-integration"],"what_it_does":"Provides an MCP (Model Context Protocol) server for YNAB that exposes the YNAB API as MCP tools, auto-generating tools from YNAB’s OpenAPI spec via FastMCP. It uses a YNAB personal access token (env var) to authenticate requests and includes support for common CRUD operations across users, budgets, accounts, categories, transactions, payees, scheduled transactions, and budget months.","use_cases":["Let an AI assistant query YNAB budgets, balances, categories, and transactions","Automate bookkeeping workflows (e.g., list unapproved transactions, summarize spend by category)","Create/update/delete transactions and payees through an agent workflow","Generate higher-level analyses by combining multiple MCP tool calls"],"not_for":["Bulk or fully automated transaction rewriting without human review","Systems that require real-time data push via webhooks (none indicated)","Use in environments where storing a long-lived YNAB token in an environment variable is unacceptable"],"best_when":"You want a locally-run MCP bridge from an AI tool (Claude Desktop/Cursor/OpenCode) to the YNAB API, and you can safely manage a YNAB personal access token.","avoid_when":"You need a hosted/SaaS service with stronger operational guarantees, or you require fine-grained permissioning beyond what YNAB’s token provides.","alternatives":["Directly call YNAB’s REST API from your application (with your own auth/error handling)","Build a custom MCP server around a smaller, curated subset of YNAB endpoints rather than exposing everything","Use existing YNAB automation tools (e.g., scripts or Zapier-like integrations) if MCP tool calling is unnecessary"],"af_score":60.8,"security_score":60.2,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:25:17.022208+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":"https://api.ynab.com/papi/open_api_spec.yaml","webhooks":false},"auth":{"methods":["YNAB personal access token via YNAB_API_TOKEN environment variable"],"oauth":false,"scopes":false,"notes":"The README indicates token-based auth using a single environment variable; it does not describe scope granularity or token permissions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing for the repository itself is not stated (it appears to be open source). Any costs would come from using YNAB API access (if applicable) and your infrastructure for running the server."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.8,"security_score":60.2,"reliability_score":26.2,"mcp_server_quality":78.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":85.0,"rate_limit_clarity":20.0,"tls_enforcement":80.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":65.0,"secret_handling":55.0,"security_notes":"Uses a YNAB personal access token provided via environment variable (reduces hardcoding risk), but the README does not describe token scope/least privilege, how errors are handled (avoid leaking token), or whether requests/logs redact secrets. Also, exposing many endpoints as MCP tools increases the blast radius if an agent is misconfigured.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":"The README does not mention idempotency behavior for write operations (create/update/delete/import).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Write-capable tools (create/update/delete/import transactions) can cause irreversible changes if the agent is not constrained to safe flows","Token leakage risk if env var is logged or mishandled by the host runtime","Auto-exposing all YNAB endpoints increases the chance the agent uses an unexpected endpoint unless you restrict tool availability"]}}