Tandoor Recipe CLI
Verdict: Pass. Audited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill
Name: tandoor-cli
Version: 1.1.3

The tandoor-cli skill is a well-documented tool for managing a Tandoor Recipe Manager instance. It includes comprehensive security guidelines (SECURITY.md) and explicitly instructs the AI agent to require user confirmation for all write, destructive, and administrative operations in SKILL.md. The skill follows security best practices by recommending least-privileged tokens, short-lived credentials, and version pinning for the underlying NPM package (tandoor-cli). No evidence of malicious intent, data exfiltration, or prompt-injection vulnerabilities was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could add, change, or delete recipes, meal plans, shopping-list entries, and related Tandoor data if the user approves those actions.
The skill intentionally exposes commands that can change or delete Tandoor data. This is disclosed and gated by approval, so it is a purpose-aligned risk note rather than malicious behavior.
**Write operations** (add, update, import) modify data... **Destructive operations** (delete, clear, household management) require explicit user approval before execution
Use read-only commands without concern, but require clear confirmation for any write, bulk, delete, or --force operation.

If given an admin or space-owner token, the agent may be able to manage users, households, and invite links, not just recipe content.
Household/user/invite administration requires higher privilege and is broader than the published description of managing recipes, meal plans, and shopping lists.
**Administrative operations** (household management, user assignment, invite creation) require privileged credentials and explicit approval
Grant only a read-only or standard user token unless household administration is explicitly needed, and use a separate short-lived admin token for those tasks.

A changed or compromised npm package version could receive your Tandoor token and perform actions allowed by that token.
The executable CLI is not included in the reviewed artifacts, and the setup examples run an external npm package without a pinned version by default. That package would handle the user's Tandoor credentials and mutation authority.
npm install -g tandoor-cli ... npx tandoor-cli <command> ... `npx` downloads and runs the CLI on demand
Verify the npm package and repository before use, install a pinned version that matches the skill, and avoid unpinned npx execution with privileged credentials.
