eleme-food-recommend
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the cookie is exposed, another party may be able to access the user's Ele.me session, not just view recommendations.
The skill asks the user to copy a full logged-in browser Cookie, which is a broad session credential rather than a scoped API token. This is high-impact account access for a recommendation skill.
--cookie | Ele.me Cookie (required) | Obtained from the browser via F12 (developer tools)
Use a scoped OAuth/API integration if available, clearly declare the credential requirement in metadata, and warn users how to revoke or rotate the session.
The user's Ele.me cookie may be accidentally recorded or shared outside the local tool.
After set-config, the command prints the entire stored config. Unlike show-config, this path does not mask the cookie, so the full session cookie can be exposed in terminal output, chat transcripts, or logs.
if args.cookie: config['cookie'] = args.cookie ... print(json.dumps({"message": "配置已更新", "config": get_config()}, ensure_ascii=False, indent=2))
Never print the cookie. Omit it from set-config output or mask it consistently in every command path.
Other local processes, tools, backups, or skills with filesystem access could read the stored cookie and location.
The skill persists the session cookie and location in a normal JSON file under the skill directory, with no encryption, OS keychain use, permission hardening, retention limit, or cleanup command shown.
CONFIG_FILE = CONFIG_DIR / "config.json" ... DEFAULT_CONFIG = {"cookie": "", ... "location": {"latitude": "", "longitude": "", "address": ""}} ... json.dump(config, f, ensure_ascii=False, indent=2)
Store session secrets in an OS credential store, set restrictive file permissions if a file is unavoidable, and provide an obvious command to delete saved credentials.
A network attacker or proxy could impersonate Ele.me and capture the user's session cookie.
The code disables TLS hostname and certificate verification while sending the user's Ele.me Cookie in HTTP requests.
ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE ... req.add_header('Cookie', cookie) ... urllib.request.urlopen(req, timeout=10, context=ctx)
Remove the custom insecure SSL context and use Python's default certificate verification for all HTTPS requests.
Users may have difficulty verifying the maintainer/source and may encounter undeclared runtime assumptions.
The source provenance is weak and the metadata does not declare the Python runtime despite Python entrypoints in the artifacts. No hidden installer is shown, but users have less assurance about origin and runtime requirements.
Source: unknown; Homepage: https://github.com/your-name/eleme-food-recommend; No install spec — this is an instruction-only skill; Required binaries: none
Publish from a real, verifiable repository and declare the Python runtime and any required capabilities or credentials in registry metadata.
