Scan Report
5 /100
lyuuo-book
Personal bookkeeping tool — record income, expenses, transfers, manage accounts and categories, track budgets, and generate financial reports via local CLI commands backed by SQLite
A legitimate personal bookkeeping tool using local SQLite database. All capabilities are properly declared in SKILL.md, with no hidden functionality or suspicious behavior detected.
Safe to install
No action required. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/book.mjs: Creates SQLite DB at ~/.lyuuo-book/data/book.db |
| Database | WRITE | WRITE | ✓ Aligned | scripts/book.mjs: All operations use better-sqlite3 for local SQLite only |
| Network | NONE | NONE | — | scripts/book.mjs: No network imports or requests found |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md line 20: Uses node to run book.mjs commands |
File Tree
3 files · 57.0 KB · 1526 lines JavaScript 1f · 977L
Markdown 2f · 549L
├─
▾
references
│ └─
commands.md
Markdown
├─
▾
scripts
│ └─
book.mjs
JavaScript
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
better-sqlite3 | * | npm install -g | No | Native SQLite binding, used for local database only |
Security Positives
✓ All capabilities properly declared in SKILL.md
✓ No network requests - fully offline operation
✓ No credential harvesting or environment variable iteration
✓ No base64/eval/dynamic code execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No curl/wget remote script execution
✓ Local SQLite database only in user home directory
✓ Uses parameterized SQL queries preventing injection
✓ Clear separation of concerns with service classes
✓ Migration system for database schema management