Mealie API skill

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: mealie
Version: 1.0.0

The skill bundle is classified as suspicious because of a significant vulnerability in `scripts/mealie.sh` (as described in `SKILL.md`). The `add-recipe` and `create-plan` commands use `curl --data @${1}`; curl treats a leading `@` as "read the request body from this file path". If the OpenClaw agent passes unsanitized user-provided input directly as that argument, an attacker-chosen path could lead to arbitrary local file reads (e.g., `/etc/passwd`) and exfiltration of the file's content to the user's configured Mealie instance. This is a high-risk prompt injection vector against the agent that allows potential data leakage, even though the skill itself does not exhibit explicit malicious intent such as exfiltrating data to an unauthorized third party.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unwanted request could add or change recipe and meal-plan data in the user's Mealie instance.

Why it was flagged

The documented helper performs POST requests that can add recipes or create meal plans. This is purpose-aligned, but it is still mutation authority over the user's Mealie data.

Skill content

curl -s -X POST "$MEALIE_URL/api/recipes" ... --data @${1}

Recommendation

Confirm the target Mealie URL and review JSON payloads before running add or create operations.

What this means

Anyone or any process with this token could access or modify data allowed by that Mealie API key.

Why it was flagged

The skill requires a Mealie API bearer token for authenticated API calls. This is expected for the integration, but it grants account-level API access and is not declared in the registry credential metadata.

Skill content

export MEALIE_TOKEN="<your-jwt-api-token>" ... -H "Authorization: Bearer $MEALIE_TOKEN"

Recommendation

Use the least-privileged Mealie API token available, keep it out of logs and shared shells, and rotate it if exposed.

What this means

The documented commands may fail, or a user may end up creating or running a local script that was not supplied as part of the reviewed package.

Why it was flagged

The artifact package is reported as instruction-only with only SKILL.md present, so the referenced helper script is not actually included for review or execution.

Skill content

The skill bundles a small Bash helper (`scripts/mealie.sh`) ... Make it executable: `chmod +x scripts/mealie.sh`

Recommendation

Do not run an unexpected scripts/mealie.sh file; either include the reviewed helper in the package or manually create it from trusted, inspected contents.