Scan report
5/100
lyuuo-book
Personal bookkeeping tool — record income, expenses, transfers, manage accounts and categories, track budgets, and generate financial reports via local CLI commands backed by SQLite
A legitimate personal bookkeeping tool using local SQLite database. All capabilities are properly declared in SKILL.md, with no hidden functionality or suspicious behavior detected.
Safe to install
No action required. The skill is safe to use.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | scripts/book.mjs: Creates SQLite DB at ~/.lyuuo-book/data/book.db |
| Database | WRITE | WRITE | ✓ Consistent | scripts/book.mjs: All operations use better-sqlite3 for local SQLite only |
| Network access | NONE | NONE | — | scripts/book.mjs: No network imports or requests found |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md line 20: Uses node to run book.mjs commands |
Directory structure
3 files · 57.0 KB · 1526 lines
JavaScript: 1 file · 977 lines
Markdown: 2 files · 549 lines
├─ references
│  └─ commands.md (Markdown)
├─ scripts
│  └─ book.mjs (JavaScript)
└─ SKILL.md (Markdown)
Dependency analysis (1 item)
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| better-sqlite3 | * | npm install -g | No | Native SQLite binding, used for local database only |
Security highlights
✓ All capabilities properly declared in SKILL.md
✓ No network requests - fully offline operation
✓ No credential harvesting or environment variable iteration
✓ No base64/eval/dynamic code execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No curl/wget remote script execution
✓ Local SQLite database only in user home directory
✓ Uses parameterized SQL queries preventing injection
✓ Clear separation of concerns with service classes
✓ Migration system for database schema management