Trusted — Risk Score 5/100
Last scan: 1 day ago
organizze
Node.js CLI scripts for the Organizze personal finance API
Legitimate Node.js CLI tool for the Organizze personal finance API with no malicious behavior detected.
Skill Name: organizze
Duration: 28.0s
Engine: pi
Safe to install
No action required. This is a clean, well-documented API client skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | src/client.js:3 - only contacts https://api.organizze.com.br/rest/v2 |
| Environment | READ | READ | ✓ Aligned | src/credentials.js:5-8 - reads ORGANIZZE_EMAIL, ORGANIZZE_TOKEN, ORGANIZZE_USER_… |
| Filesystem | NONE | READ | ✓ Aligned | src/credentials.js:1 - imports dotenv/config for .env reading; used only for loc… |
| Shell | NONE | NONE | | No shell execution - only uses node process.argv for CLI dispatching |
8 findings
Medium · External URL · https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen · README.md:3
Medium · External URL · https://img.shields.io/badge/%F0%9F%A6%9E-The%20Claw%20is%20The%20law-2ea44f?style=flat-square · README.md:4
Medium · External URL · https://clawhub.ai/leaofelipe/organizze-skill · README.md:4
Medium · External URL · https://app.organizze.com.br · README.md:11
Medium · External URL · https://app.organizze.com.br/configuracoes/api-keys · README.md:27
Medium · External URL · https://dotenvx.com · package-lock.json:26
Medium · External URL · https://api.organizze.com.br/rest/v2 · src/client.js:3
Info · Email address · [email protected] · README.md:22

File Tree

13 files · 26.9 KB · 873 lines
Markdown 4f · 436L JavaScript 7f · 387L JSON 2f · 50L
├─ 📁 src
│ ├─ 📁 routes
│ │ ├─ 📜 accounts.js JavaScript 44L · 1.2 KB
│ │ ├─ 📜 categories.js JavaScript 45L · 1.4 KB
│ │ ├─ 📜 credit-cards.js JavaScript 82L · 2.7 KB
│ │ ├─ 📜 transactions.js JavaScript 92L · 3.0 KB
│ │ └─ 📜 transfers.js JavaScript 64L · 2.0 KB
│ ├─ 📜 client.js JavaScript 44L · 1.2 KB
│ └─ 🔑 credentials.js JavaScript 16L · 489 B
├─ 📝 AGENTS.md Markdown 72L · 2.5 KB
├─ 📝 CLAUDE.md Markdown 1L · 10 B
├─ 📋 package-lock.json JSON 30L · 713 B
├─ 📋 package.json JSON 20L · 535 B
├─ 📝 README.md Markdown 114L · 4.0 KB
└─ 📝 SKILL.md Markdown 249L · 7.3 KB

Dependencies: 1 item

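| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| dotenv | ^16.4.7 | npm | No | Declared with a caret range, which accepts any 16.x release at or above 16.4.7 rather than one exact version; no known CVEs |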

Security Positives

✓ All network requests go exclusively to the legitimate Organizze API (https://api.organizze.com.br)
✓ Credentials are only used for HTTP Basic Auth with the legitimate API endpoint
✓ No credential exfiltration - tokens stay local and are sent only to the intended API
✓ No subprocess, shell commands, or code obfuscation
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or other credential stores
✓ Documentation accurately describes all implemented functionality
✓ No hidden instructions, steganography, or suspicious patterns
✓ MIT-0 license, simple codebase with only one dependency
✓ dotenv dependency declared with caret range ^16.4.7 (no known vulnerabilities)