ClawHub

KitchenOwl

v1.0.0

Use kitchenowl-cli from terminal with pipx install, auth, and core read/write commands for KitchenOwl.

0· 557·0 current·0 all-time
by@apetersson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state installing and using kitchenowl-cli; the skill declares the kitchenowl CLI binary and shows pipx install in the instructions and metadata. Required items (binary name, pipx install) are proportional to the purpose.
Instruction Scope
SKILL.md only instructs how to install, authenticate, and run read/write CLI commands. It documents that the CLI persists server_url, access_token, refresh_token, and user in ~/.config/kitchenowl/config.json, but does not direct the agent to read unrelated files or exfiltrate data to unexpected endpoints.
Install Mechanism
The skill recommends pipx install kitchenowl-cli (typical for Python CLIs). This installs third‑party code from PyPI into the environment — a normal mechanism but one that requires trusting the package source and maintainer.
Credentials
The skill requests no environment variables or unrelated credentials. The only sensitive data referenced are the CLI's access/refresh tokens stored in the user's XDG config path, which is expected for an auth'd CLI.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modifications to other skills. It only instructs use of the CLI and does not attempt to change agent/system configuration.
Assessment
This skill is internally consistent with its purpose (install and use the KitchenOwl CLI). Before installing: review the kitchenowl-cli project (the metadata references a GitHub repo) to confirm it's the legitimate package; pipx installs code from PyPI so you should trust the package/maintainer. Be aware the CLI stores server_url, access_token and refresh_token in ~/.config/kitchenowl/config.json (or $XDG_CONFIG_HOME). If you provide credentials, plan to revoke tokens if you uninstall or no longer trust the package, and avoid using high‑privilege or shared credentials. If you want extra caution, inspect the package source or run it in a disposable environment before granting real credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwbyby1s9j51knae3c53x9581dqhc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binkitchenowl

Comments