Scan Report
0 /100
treeline
Chat with your finances from Treeline Money. Query balances, spending, budgets, and transactions.
Legitimate personal finance CLI skill with all capabilities properly declared. All operations access the local ~/.treeline/ database containing user financial data, which is the intended purpose.
Safe to install
This skill is safe to use. All capabilities are documented and justified for the stated purpose of querying local financial data.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Runs 'tl' CLI commands for database operations |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Accesses ~/.treeline/treeline.duckdb for financial data |
| Network | READ | READ | ✓ Aligned | SKILL.md: Declares 'tl sync' for bank integration downloads |
4 findings
Medium External URL 外部 URL
https://treeline.money SKILL.md:5 Medium External URL 外部 URL
https://treeline.money/download SKILL.md:35 Medium External URL 外部 URL
https://treeline.money/docs/integrations/bank-sync/ SKILL.md:68 Medium External URL 外部 URL
https://treeline.money/docs/integrations/csv-import/ SKILL.md:68 File Tree
1 files · 15.0 KB · 488 lines Markdown 1f · 488L
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands are documented with clear read/write distinction
✓ Write operations require user confirmation before execution
✓ Data stays local - no exfiltration to external servers
✓ CLI downloaded from official GitHub releases (treeline-money)
✓ Properly warns against attempting database unlock (user must do this directly)
✓ Uses --dry-run flags to preview operations safely
✓ Demo mode available for trying without real financial data
✓ Encryption keys stored in OS keychain (standard security practice)