ClawHub

Knuspr

v0.1.0

Manage grocery shopping on Knuspr.de via the knuspr-cli. Use for product search, cart management, delivery slot reservation, shopping lists, order history, deals, favorites, and meal suggestions. Trigger when the user mentions Knuspr, groceries, Einkauf, Lebensmittel, Warenkorb, Lieferslot, or shopping list tasks.

0· 1k·0 current·0 all-time
by@lars147
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included CLI implementation: the code and docs implement product search, cart, slots, lists, orders, etc. However, the registry metadata claims no required environment variables or config paths, while the SKILL.md, README, references, and the bundled code all reference KNUSPR_EMAIL / KNUSPR_PASSWORD, a credentials file (~/.knuspr_credentials.json), and session/config files (~/.knuspr_session.json, ~/.knuspr_config.json). That metadata omission is an incoherence.
Instruction Scope
Runtime instructions direct the agent to run the bundled Python CLI and to log in (interactive or via KNUSPR_EMAIL/KNUSPR_PASSWORD). The instructions stay within the shopping domain (search, cart, slot reservation) and explicitly forbid completing purchases. They do reference reading/writing credential and session files in the user's home directory (expected for a local CLI) — which is within scope but should be explicitly declared in metadata and considered sensitive.
Install Mechanism
There is no external install step; the CLI is bundled in the skill. No downloads from arbitrary URLs or package registries are performed. The script uses only Python stdlib. This is lower-risk than fetching remote code at install time, but executing included code still requires review.
!
Credentials
Functionally the CLI needs user credentials to act on behalf of the user, so requesting KNUSPR_EMAIL / KNUSPR_PASSWORD (or interactive login) is proportionate. The concern is that the declared requirements list none, while documentation and code require/use credentials and create session/credential files in the home directory. The skill will store sensitive data on disk (~/.knuspr_credentials.json, ~/.knuspr_session.json); the user must ensure proper file permissions and be comfortable providing credentials to this third-party code.
Persistence & Privilege
The skill persists session and config files under the user's home directory but does not request elevated privileges nor set always:true. It does not appear to modify other skills or system-wide agent settings. Local persistence of credentials and cookies is expected for a CLI, but it increases the risk if the code or environment is untrusted.
What to consider before installing
This skill is plausibly what it claims to be (a knuspr.de CLI) but there are important mismatches and privacy considerations to check before installing: - Metadata mismatch: the registry lists no required env vars/config paths, but the README/SKILL.md and bundled code explicitly support/expect KNUSPR_EMAIL and KNUSPR_PASSWORD and will write ~/.knuspr_credentials.json and ~/.knuspr_session.json. Confirm this omission with the publisher. - Review the bundled code yourself (knuspr_cli.py) before running it. Because the script runs network requests as your account, you should verify there are no hidden endpoints or unexpected behavior. - Prefer interactive login over exporting credentials as environment variables. If you must store credentials on disk, ensure files are only readable by your user (chmod 600). - Consider creating a limited/test account rather than using your primary account until you trust the code and its upstream source. - Because the SKILL source/homepage are listed as unknown/none, try to verify the upstream repository and author (pyproject references a GitHub repo). If possible, prefer an officially maintained client or review the repo history and issues. - The SKILL.md explicitly instructs the agent to never complete purchases; if you allow autonomous invocation, ensure the agent cannot run 'checkout' or 'complete purchase' commands with your credentials. If your platform allows restricting which commands a skill may run, apply those controls. If you are not comfortable auditing the code or providing credentials to code with an unclear origin, do not install/use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk970mgyw4tr2scd9s00tvrvh7980skb6
1kdownloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@lars147
latest
Download

Knuspr CLI Skill

Interact with Knuspr.de (German grocery delivery) using knuspr-cli — a pure-Python CLI bundled in this skill at {baseDir}/knuspr_cli.py.

Setup

  1. Python 3.8+ required (no external dependencies)
  2. Login: python3 {baseDir}/knuspr_cli.py auth login (or set KNUSPR_EMAIL + KNUSPR_PASSWORD env vars)
  3. Minimum order: €39

Critical Rules

  1. NEVER complete a purchase — Only build cart + reserve slot. Always tell the user to review and checkout themselves via cart open or the Knuspr website/app.
  2. Always use --json for parsing output programmatically.
  3. Confirm before destructive actions (cart clear, list delete, slot release).
  4. Show prices and totals when adding to cart so the user stays informed.

CLI Usage

python3 {baseDir}/knuspr_cli.py <resource> <action> [options]

Core Workflows

Search & Add to Cart

# Search products (use --json for parsing)
python3 {baseDir}/knuspr_cli.py product search "Hafermilch" --json
python3 {baseDir}/knuspr_cli.py product search "Käse" --bio --sort price_asc --json
python3 {baseDir}/knuspr_cli.py product search "Joghurt" --rette --json  # discounted items

# Add to cart
python3 {baseDir}/knuspr_cli.py cart add <product_id> -q <quantity>
python3 {baseDir}/knuspr_cli.py cart show --json  # verify cart & total

Delivery Slots

python3 {baseDir}/knuspr_cli.py slot list --detailed --json  # show available slots with IDs
python3 {baseDir}/knuspr_cli.py slot reserve <slot_id>       # reserve a 15-min ON_TIME slot
python3 {baseDir}/knuspr_cli.py slot reserve <slot_id> --type VIRTUAL  # 1-hour window
python3 {baseDir}/knuspr_cli.py slot current --json          # check current reservation
python3 {baseDir}/knuspr_cli.py slot release                 # cancel reservation (ask first!)

Shopping Lists

python3 {baseDir}/knuspr_cli.py list show --json             # all lists
python3 {baseDir}/knuspr_cli.py list show <list_id> --json   # products in a list
python3 {baseDir}/knuspr_cli.py list create "Wocheneinkauf"
python3 {baseDir}/knuspr_cli.py list add <list_id> <product_id>
python3 {baseDir}/knuspr_cli.py list to-cart <list_id>       # move entire list to cart
python3 {baseDir}/knuspr_cli.py list duplicate <list_id>     # duplicate a list

Order History & Reorder

python3 {baseDir}/knuspr_cli.py order list --json
python3 {baseDir}/knuspr_cli.py order show <order_id> --json
python3 {baseDir}/knuspr_cli.py order repeat <order_id>      # add all items to cart

Full Command Reference

For all commands, options, and flags see {baseDir}/references/commands.md.

Comments

Loading comments...