eleme-food-recommend

Security checks across malware telemetry and agentic risk

Overview

This food recommendation skill is understandable in purpose, but it asks for and stores a live Ele.me login cookie and precise location in unsafe ways.

Review carefully before installing. Only use this if you are comfortable giving the skill your logged-in Ele.me cookie and exact location, and understand that the cookie may grant account access. A safer version should keep TLS verification enabled, avoid command-line cookies, avoid plaintext credential storage, redact output, and clearly document how to remove or rotate stored credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (12)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The module defines and persists a `cookie` field in a local config file, which is an authentication secret and more sensitive than the stated purpose of storing meal times and flavor preferences. Persisting session cookies in plaintext under a user home directory increases the chance of account compromise if the local machine, backup, logs, or other software can read that file.

Context-Inappropriate Capability

Medium

Confidence: 99% confidence
Finding: The code explicitly disables both certificate validation and hostname verification for HTTPS requests, which defeats TLS protections. This allows a man-in-the-middle attacker to intercept or modify Ele.me API responses and steal the authentication cookie being sent with those requests.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly instructs users to extract a live Ele.me Cookie from browser developer tools and pass it to the skill. Session cookies are highly sensitive authentication artifacts; encouraging manual extraction without a strong warning about account takeover risk, secure storage, and scope limitation can expose the user's account if the cookie is logged, persisted insecurely, or shared accidentally.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The documentation asks users to provide precise latitude, longitude, and address data to obtain recommendations, but does not warn about the privacy sensitivity of location information. Exact location can reveal home/work patterns and, when combined with food-ordering behavior and account identifiers such as cookies, increases the risk of profiling and misuse.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The documentation instructs users to provide and store an Eleme cookie, which is effectively an authentication credential, but gives no warning about its sensitivity, storage risks, or misuse potential. If exposed through logs, config files, shell history, or weak local storage, the cookie could enable account takeover or unauthorized access to order history and personal data.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill states it uses location to find nearby restaurants but does not disclose the privacy implications of collecting or transmitting location data. Location is sensitive personal information, and without notice or minimization guidance users may unknowingly expose home, work, or routine patterns to the skill or downstream services.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill accepts a raw Eleme cookie from the command line and stores it in configuration, creating a credential-handling risk. Command-line arguments may be exposed through shell history, process listings, logs, or config files, and the skill provides no warning or safer handling guidance; the later masking in display output does not mitigate the original exposure.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: `save_config` writes the full configuration object directly to disk, including location data and the cookie field, without any access controls, minimization, or visible disclosure in code. In this skill context, storing precise location and authentication data together for a food recommendation feature creates unnecessary privacy and security exposure beyond the minimum needed for recommendations.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill reads a persistent authentication cookie from configuration and sends it to the external Ele.me API, but the code does not provide any explicit user warning, consent flow, or minimization around handling that credential. In the context of this skill, that becomes more dangerous because TLS verification is also disabled elsewhere, increasing the chance the cookie could be exposed in transit.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The `set-config` command accepts and persists sensitive data including an Ele.me cookie and precise location details, but the CLI provides no warning, consent prompt, or indication of how and where that data will be stored. In a skill that handles authenticated session material and geolocation, silent persistence increases the risk of accidental credential exposure, unauthorized account use, and privacy leakage if the config file is read by other users, logs, backups, or compromised components.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The code explicitly depends on a stored Eleme cookie to function, but this file provides no user-facing disclosure about the use of account/session credentials or the risks of storing them. Because cookies can grant authenticated access, silent reliance on them increases the chance of unauthorized use, accidental credential exposure, or user confusion about what data is being accessed on their behalf.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The function retrieves precise latitude and longitude from configuration and sends them to an external restaurant API without any visible notice, consent flow, or minimization in this file. Precise location data is sensitive personal information, and transmitting it silently can expose a user's home or routine locations to third parties or logs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal