Interesting idea. It feels to me though that it'd be a lot of work to check such a database for each of your transitive dependencies, where if you just run cackle it checks them all for you and perhaps most importantly will tell you if there's a change.
Another consideration is that cackle only considers an API to be used if it's in reachable code. This is handy because you can for example use a crate like the image crate, which has functions to read and write images on the filesystem and you don't need to grant filesystem permissions unless you actually use those APIs.
Ah, gotcha. Cackle checks the APIs used by build scripts before it lets them run, so that might help