open-fava
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of
favaandbeancountPython packages from standard registries to provide the core functionality. - [COMMAND_EXECUTION]: Executes shell commands to launch the Fava web server and run ledger validation scripts locally on the user's machine.
- [DATA_EXPOSURE]: Processes local financial ledger files (
.beancount). The instructions explicitly specify binding the web server to127.0.0.1(localhost) to ensure the financial data is not exposed over the network.
Audit Metadata