Skill v1.0.0
ClawScan security
KitchenOwl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 2:11 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose (install and use a KitchenOwl CLI); nothing in the SKILL.md asks for unrelated credentials or system access, but pipx will install third‑party code and the CLI stores tokens in your home config file, so verify the package source before using credentials.
- Guidance
- This skill is internally consistent with its purpose (install and use the KitchenOwl CLI). Before installing: review the kitchenowl-cli project (the metadata references a GitHub repo) to confirm it's the legitimate package; pipx installs code from PyPI so you should trust the package/maintainer. Be aware the CLI stores server_url, access_token and refresh_token in ~/.config/kitchenowl/config.json (or $XDG_CONFIG_HOME). If you provide credentials, plan to revoke tokens if you uninstall or no longer trust the package, and avoid using high‑privilege or shared credentials. If you want extra caution, inspect the package source or run it in a disposable environment before granting real credentials.
Review Dimensions
- Purpose & Capability
- ok: Name/description state installing and using kitchenowl-cli; the skill declares the kitchenowl CLI binary and shows pipx install in the instructions and metadata. Required items (binary name, pipx install) are proportional to the purpose.
- Instruction Scope
- ok: SKILL.md only instructs how to install, authenticate, and run read/write CLI commands. It documents that the CLI persists server_url, access_token, refresh_token, and user in ~/.config/kitchenowl/config.json, but does not direct the agent to read unrelated files or exfiltrate data to unexpected endpoints.
- Install Mechanism
- note: The skill recommends pipx install kitchenowl-cli (typical for Python CLIs). This installs third‑party code from PyPI into the environment, a normal mechanism but one that requires trusting the package source and maintainer.
- Credentials
- ok: The skill requests no environment variables or unrelated credentials. The only sensitive data referenced are the CLI's access/refresh tokens stored in the user's XDG config path, which is expected for an authenticated CLI.
- Persistence & Privilege
- ok: always is false and the skill does not request persistent system privileges or modifications to other skills. It only instructs use of the CLI and does not attempt to change agent/system configuration.
