Chefpad
Warn
Audited by ClawScan on May 10, 2026.
Overview
Chefpad is a coherent local recipe tool, but its script puts recipe text directly into Python code, so crafted input could run local code.
This skill appears intended to store recipes locally, but its current script is unsafe with crafted text. Avoid using it with recipes or ingredients copied from untrusted sources, and prefer a fixed version that safely handles input and has consistent package metadata.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious recipe name, ingredient, step, or search term from an untrusted source could cause commands to run on the user's machine with the user's normal permissions.
User-controlled command arguments are interpolated directly into Python source code. Crafted values containing quotes and Python syntax could break out of the intended string and execute Python code when the command runs.
python3 << PYEOF
...
r.setdefault("ingredients",[]).append("$ingredient")
...
q = "$query".lower()
Do not install until the script passes user input safely, such as through sys.argv, stdin, JSON encoding, or environment variables, and avoids generating executable Python source from raw recipe text.
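As an added illustration, not Chefpad's own script, the interpolation pattern this finding describes is shown beside the fix it recommends (a quoted heredoc delimiter plus an environment variable). The function names, the INGREDIENT variable and the crafted ingredient value are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added illustration, not Chefpad's script. Function names and the INGREDIENT
# variable are assumed; the crafted ingredient in the comments is constructed.

# Vulnerable pattern: the shell expands "$ingredient" inside the unquoted heredoc,
# so the value is spliced into Python source and a quote in it ends the string.
add_ingredient_unsafe() {
    local ingredient="$1"
    python3 <<PYEOF
import json
r = {}
r.setdefault("ingredients", []).append("$ingredient")
print(json.dumps(r))
PYEOF
}

# Fixed pattern: the quoted delimiter ('PYEOF') stops all shell expansion, and the
# value reaches Python through an environment variable, so it is only ever data.
add_ingredient_safe() {
    local ingredient="$1"
    INGREDIENT="$ingredient" python3 <<'PYEOF'
import json, os
r = {}
r.setdefault("ingredients", []).append(os.environ["INGREDIENT"])
print(json.dumps(r))
PYEOF
}

# Constructed ingredient containing a quote, a paren and a '#':
#   2 cups flour") # x
# The unsafe version turns the tail into a Python comment and silently drops it,
# which shows the value was parsed as code; the safe version stores it verbatim.
```

Call either function with the constructed ingredient and compare the JSON each prints.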
Users may have a harder time confirming exactly which package identity and version they are installing.
The embedded metadata does not match the supplied registry identity, which names the skill Chefpad with slug "chefpad" and version 2.0.1. This looks like packaging drift rather than malicious behavior, but it makes provenance and version review less clear.
"ownerId": "kn7e60c0zbzfa33m5mqvwzbx1s82jnx1", "slug": "cooking-recipe", "version": "1.0.0"
Align registry metadata, _meta.json, SKILL.md frontmatter, and script version output before publishing.
