KitchenOwl
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned for KitchenOwl CLI use, but users should notice that it installs an external CLI, stores KitchenOwl login tokens locally, and can make confirmed read/write changes.
This skill appears safe to review as a normal KitchenOwl CLI helper. Before installing, confirm you trust the `kitchenowl-cli` package, use a legitimate KitchenOwl server, protect the local token config file, and personally approve any delete, remove, or bulk-edit command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's CLI dependency may run code from the external package ecosystem on the user's machine.
The skill tells the user or agent to install an external CLI package. This is central to the skill's purpose, but it means the user is trusting that package source and the unpinned latest package version.
Prefer `pipx` for isolated CLI installs.
```bash
pipx install kitchenowl-cli
```
Verify that `kitchenowl-cli` is the intended package and consider pinning or reviewing the package source before installation in sensitive environments.
Anyone with access to the local config file could potentially access the KitchenOwl session tokens stored by the CLI.
The artifact clearly discloses credential use and local token storage. This is expected for an authenticated KitchenOwl CLI, but it is still sensitive account authority.
`auth login` accepts `--username` and `--password` flags (or prompts interactively) ... The CLI stores `server_url`, `access_token`, `refresh_token`, `user`, and any saved defaults in `~/.config/kitchenowl/config.json`
Prefer interactive login over putting passwords directly in commands, protect the local config file, and use `kitchenowl auth logout` when access is no longer needed.
If the agent runs the wrong KitchenOwl command, it could add, edit, or delete shopping list or recipe data in the authenticated account.
The skill explicitly supports mutating and destructive KitchenOwl operations. The risk is purpose-aligned and mitigated by instructions requiring confirmation and scoped identifiers.
Start with read-only commands before mutating data. Ask for confirmation before destructive commands (`delete`, `remove-item`, bulk edits). Prefer explicit IDs and `--household-id` for all scoped commands.
Review proposed write/delete commands, confirm the household and item IDs, and require explicit approval before destructive changes.
