eleme-food-recommend
Status: Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: eleme-food-recommend
Version: 1.0.0

The skill bundle contains a significant security vulnerability in scripts/eleme_api.py: SSL certificate verification is explicitly disabled (ssl.CERT_NONE), leaving every connection open to man-in-the-middle (MitM) interception. In addition, the skill requires the user to supply a sensitive session cookie, which is stored in plaintext in a local configuration file (~/.openclaw/skills/eleme-food-recommend/config.json). These are high-risk practices, but there is no clear evidence of intentional malice or of data exfiltration to unauthorized third-party domains.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the cookie is exposed, another party may be able to access the user's Ele.me session, not just view recommendations.
The skill asks the user to copy a full logged-in browser Cookie, which is a broad session credential rather than a scoped API token. This is high-impact account access for a recommendation skill.
--cookie | Ele.me Cookie (required) | obtained from the browser via F12 (developer tools)
Use a scoped OAuth/API integration if available, clearly declare the credential requirement in metadata, and warn users how to revoke or rotate the session.
The user's Ele.me cookie may be accidentally recorded or shared outside the local tool.
After set-config, the command prints the entire stored config. Unlike show-config, this path does not mask the cookie, so the full session cookie can be exposed in terminal output, chat transcripts, or logs.
if args.cookie: config['cookie'] = args.cookie ... print(json.dumps({"message": "配置已更新", "config": get_config()}, ensure_ascii=False, indent=2))   ("配置已更新" is "Configuration updated")
Never print the cookie. Omit it from set-config output, or mask it consistently in every command path.
Other local processes, tools, backups, or skills with filesystem access could read the stored cookie and location.
The skill persists the session cookie and location in a normal JSON file under the skill directory, with no encryption, OS keychain use, permission hardening, retention limit, or cleanup command shown.
CONFIG_FILE = CONFIG_DIR / "config.json" ... DEFAULT_CONFIG = {"cookie": "", ... "location": {"latitude": "", "longitude": "", "address": ""}} ... json.dump(config, f, ensure_ascii=False, indent=2)
Store session secrets in an OS credential store; if a file is unavoidable, set restrictive file permissions, and provide an obvious command to delete saved credentials.
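Hardened handling of the stored config, as an added example that covers both the set-config output leak and the plaintext-file finding above. This is not the skill's own code: it assumes the same JSON layout as the evidence (a `cookie` key and a `location` object), and the `redact`, `save_config`, `load_config`, `clear_credentials` and `demo` helpers, the constructed cookie value and the throwaway directory are all illustrative. It shows the file-based fallback the recommendation allows (owner-only mode plus a cleanup command), not the OS keychain option.

```python
"""Added example: config handling that never prints the cookie and keeps the
file mode at 0600. Not the skill's own code; same JSON layout as the finding."""
from __future__ import annotations

import json
import os
import stat
import tempfile
from pathlib import Path

# Layout assumed from the finding's evidence (cookie + location object).
DEFAULT_CONFIG = {
    "cookie": "",
    "location": {"latitude": "", "longitude": "", "address": ""},
}
SECRET_KEYS = ("cookie",)


def redact(config: dict) -> dict:
    """Copy of the config with every secret replaced by a set/unset marker."""
    shown = json.loads(json.dumps(config))  # deep copy, no aliasing of nested dicts
    for key in SECRET_KEYS:
        if shown.get(key):
            shown[key] = f"<redacted, {len(shown[key])} chars>"
    return shown


def save_config(config: dict, path: Path) -> None:
    """Create the file owner-only (0600) before any byte is written, then
    replace atomically so a crash never leaves a readable half-written copy."""
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(config, f, ensure_ascii=False, indent=2)
    os.chmod(tmp, 0o600)  # a pre-existing .tmp could have had a wider mode
    os.replace(tmp, path)


def load_config(path: Path) -> dict:
    """Refuse to use a secret that other local users can read (POSIX check)."""
    if not path.exists():
        return json.loads(json.dumps(DEFAULT_CONFIG))
    if os.name == "posix":
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:
            raise PermissionError(
                f"{path} has mode {oct(mode)}; a session cookie must be owner-only"
            )
    with path.open(encoding="utf-8") as f:
        return json.load(f)


def set_config(path: Path, cookie: str | None = None, address: str | None = None) -> dict:
    """Counterpart of the skill's set-config: the returned view is redacted,
    so printing it cannot leak the cookie into a terminal, transcript or log."""
    config = load_config(path)
    if cookie:
        config["cookie"] = cookie
    if address:
        config["location"]["address"] = address
    save_config(config, path)
    return {"message": "Configuration updated", "config": redact(config)}


def clear_credentials(path: Path) -> bool:
    """The cleanup command the finding says is missing: drop the cookie,
    keep the non-secret location settings."""
    if not path.exists():
        return False
    config = load_config(path)
    config["cookie"] = ""
    save_config(config, path)
    return True


def demo() -> dict:
    """Run the flow in a throwaway directory with a constructed cookie value."""
    root = Path(tempfile.mkdtemp())
    path = root / "config.json"
    cookie = "SID=constructed-example-value-0123456789"  # constructed, not a real session
    out = set_config(path, cookie=cookie, address="Example address")
    result = {
        "output_leaks_cookie": cookie in json.dumps(out, ensure_ascii=False),
        "file_mode": stat.S_IMODE(path.stat().st_mode),
        "cookie_round_trips": load_config(path)["cookie"] == cookie,
    }
    os.chmod(path, 0o644)  # simulate a backup or copy that widened the mode
    try:
        load_config(path)
        result["loose_mode_rejected"] = False
    except PermissionError:
        result["loose_mode_rejected"] = True
    os.chmod(path, 0o600)
    result["cleared"] = clear_credentials(path) and load_config(path)["cookie"] == ""
    return result
```

The mode check in load_config is deliberately strict: a cookie file that a backup tool or a copy has widened to 0644 is treated as compromised rather than silently used, which is the behaviour the finding's "other local processes could read the stored cookie" impact calls for.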
A network attacker or proxy could impersonate Ele.me and capture the user's session cookie.
The code disables TLS hostname and certificate verification while sending the user's Ele.me Cookie in HTTP requests.
ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE ... req.add_header('Cookie', cookie) ... urllib.request.urlopen(req, timeout=10, context=ctx)
Remove the custom insecure SSL context and use Python's default certificate verification (ssl.create_default_context(), or simply no context argument) for all HTTPS requests.
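The insecure context from the evidence beside its fixed form, plus an ast-based check of the kind a static scan can run offline over a file such as scripts/eleme_api.py. This is an added example, not the skill's code or ClawScan's scanner: INSECURE_SOURCE and HARDENED_SOURCE are constructed inputs reconstructed from the evidence line above, and the check goes beyond the page by also flagging two related patterns it does not mention (ssl._create_unverified_context() and a requests-style verify=False).

```python
"""Added example (not the skill's or ClawScan's code): insecure vs. hardened
SSL context, and an ast-based check that flags verification being disabled."""
from __future__ import annotations

import ast
import ssl


def insecure_context() -> ssl.SSLContext:
    """What the finding describes: any certificate from anyone is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # must come first; CERT_NONE with hostname check on raises
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Fix: the default context loads the system trust store and checks the
    hostname; pinning a minimum TLS version is the only extra step taken here."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Runtime check a skill could apply before attaching a Cookie header."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Constructed input reconstructed from the finding's evidence, not the real file.
INSECURE_SOURCE = """\
import ssl
import urllib.request
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
req = urllib.request.Request(url)
req.add_header('Cookie', cookie)
resp = urllib.request.urlopen(req, timeout=10, context=ctx)
"""

# Constructed input: the same request with the custom context removed.
HARDENED_SOURCE = """\
import ssl
import urllib.request
req = urllib.request.Request(url)
req.add_header('Cookie', cookie)
resp = urllib.request.urlopen(req, timeout=10)  # default context verifies
"""


def _is_false(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and node.value is False


def find_tls_verification_disabled(source: str) -> list[tuple[int, str]]:
    """Return (line, pattern) for every place the source turns verification off.
    Covers the urllib/ssl pattern from the finding and, as a generalisation,
    ssl._create_unverified_context() and the requests-style verify=False."""
    hits: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and len(node.targets) == 1:
            target, value = node.targets[0], node.value
            if not isinstance(target, ast.Attribute):
                continue
            if target.attr == "check_hostname" and _is_false(value):
                hits.append((node.lineno, "check_hostname = False"))
            elif (target.attr == "verify_mode" and isinstance(value, ast.Attribute)
                  and value.attr == "CERT_NONE"):
                hits.append((node.lineno, "verify_mode = ssl.CERT_NONE"))
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if name == "_create_unverified_context":
                hits.append((node.lineno, "ssl._create_unverified_context()"))
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    hits.append((node.lineno, "verify=False"))
    return sorted(hits)
```

The check is syntactic, so it will miss a context whose attributes are set through an alias or computed at runtime; for a bundle review that is acceptable, because the point is to surface the explicit pattern the evidence shows, and a context built in any more indirect way is itself a reason to read the file by hand.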
Users may have difficulty verifying the maintainer/source and may encounter undeclared runtime assumptions.
The source provenance is weak and the metadata does not declare the Python runtime despite Python entrypoints in the artifacts. No hidden installer is shown, but users have less assurance about origin and runtime requirements.
Source: unknown
Homepage: https://github.com/your-name/eleme-food-recommend
Install spec: none (instruction-only skill)
Required binaries: none
Publish from a real, verifiable repository and declare the Python runtime and any required capabilities or credentials in registry metadata.
