open-fava

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of fava and beancount Python packages from standard registries to provide the core functionality.
  • [COMMAND_EXECUTION]: Executes shell commands to launch the Fava web server and run ledger validation scripts locally on the user's machine.
  • [DATA_EXPOSURE]: Processes local financial ledger files (.beancount). The instructions explicitly specify binding the web server to 127.0.0.1 (localhost) to ensure the financial data is not exposed over the network.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 08:04 PM
Security Audit — agent-trust-hub — open-fava