Trusted: risk score 5/100
Last scanned: 2 days ago
organizze
Node.js CLI scripts for the Organizze personal finance API
Legitimate Node.js CLI tool for the Organizze personal finance API with no malicious behavior detected.
Skill name: organizze
Analysis time: 28.0s
Engine: pi
Safe to install
No action required. This is a clean, well-documented API client skill.
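| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Network access | READ | READ | ✓ Consistent | src/client.js:3 - only contacts https://api.organizze.com.br/rest/v2 |
| Environment variables | READ | READ | ✓ Consistent | src/credentials.js:5-8 - reads ORGANIZZE_EMAIL, ORGANIZZE_TOKEN, ORGANIZZE_USER_… |
| File system | NONE | READ | ✓ Consistent | src/credentials.js:1 - imports dotenv/config for .env reading; used only for loc… |
| Command execution | NONE | NONE | | No shell execution - only uses node process.argv for CLI dispatching |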
8 findings

| Severity | Type | Value | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/%F0%9F%A6%9E-The%20Claw%20is%20The%20law-2ea44f?style=flat-square | README.md:4 |
| Medium | External URL | https://clawhub.ai/leaofelipe/organizze-skill | README.md:4 |
| Medium | External URL | https://app.organizze.com.br | README.md:11 |
| Medium | External URL | https://app.organizze.com.br/configuracoes/api-keys | README.md:27 |
| Medium | External URL | https://dotenvx.com | package-lock.json:26 |
| Medium | External URL | https://api.organizze.com.br/rest/v2 | src/client.js:3 |
| Info | Email address | [email protected] | README.md:22 |

Directory structure

13 files · 26.9 KB · 873 lines
Markdown: 4 files · 436 lines; JavaScript: 7 files · 387 lines; JSON: 2 files · 50 lines
├─ 📁 src
│ ├─ 📁 routes
│ │ ├─ 📜 accounts.js JavaScript 44L · 1.2 KB
│ │ ├─ 📜 categories.js JavaScript 45L · 1.4 KB
│ │ ├─ 📜 credit-cards.js JavaScript 82L · 2.7 KB
│ │ ├─ 📜 transactions.js JavaScript 92L · 3.0 KB
│ │ └─ 📜 transfers.js JavaScript 64L · 2.0 KB
│ ├─ 📜 client.js JavaScript 44L · 1.2 KB
│ └─ 🔑 credentials.js JavaScript 16L · 489 B
├─ 📝 AGENTS.md Markdown 72L · 2.5 KB
├─ 📝 CLAUDE.md Markdown 1L · 10 B
├─ 📋 package-lock.json JSON 30L · 713 B
├─ 📋 package.json JSON 20L · 535 B
├─ 📝 README.md Markdown 114L · 4.0 KB
└─ 📝 SKILL.md Markdown 249L · 7.3 KB

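Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| dotenv | ^16.4.7 | npm | | Pinned with caret range; no known CVEs |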

Security highlights

✓ All network requests go exclusively to the legitimate Organizze API (https://api.organizze.com.br)
✓ Credentials are only used for HTTP Basic Auth with the legitimate API endpoint
✓ No credential exfiltration - tokens stay local and are sent only to the intended API
✓ No subprocess, shell commands, or code obfuscation
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or other credential stores
✓ Documentation accurately describes all implemented functionality
✓ No hidden instructions, steganography, or suspicious patterns
✓ MIT-0 license, simple codebase with only one dependency
✓ dotenv dependency pinned to ^16.4.7 (no known vulnerabilities)