Daily Meal Planner
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The recipe database can change after installation, so recommendations may depend on remote content that was not bundled with the skill.
The script downloads recipe JSON data from mutable main-branch GitHub/jsDelivr URLs when local data files are missing.
DATA_MIRRORS=[ "https://github.com/GMMG55/daily-meal-planner/raw/main/scripts", "https://cdn.jsdelivr.net/gh/GMMG55/daily-meal-planner@main/scripts" ] ... urlopen(f"{base}/{fn}",timeout=15).read()Use it only if you trust the referenced repository/CDN. For stronger assurance, prefer pinned data versions or checksums and review downloaded JSON files.
Future recommendations may reuse saved personal dietary information, and stale or incorrect profile data could affect meal suggestions.
The skill keeps persistent local memory of user preferences, location, diet goals, and allergies for future recommendations.
自动保存到本地 `user_profile.json`:地点、心情、想吃类别、偏好菜系、喜欢的菜、不喜欢的菜、饮食目标、过敏食材。
Review or delete user_profile.json if you do not want persistent personalization, especially for allergies or dietary restrictions.
A third-party weather service may receive your city or location string when weather-based recommendations are generated.
The weather lookup sends the configured city/location to the wttr.in weather service.
urlopen(urllib.request.Request(f"https://wttr.in/{city}?format=j1",headers={"User-Agent":"Mozilla/5.0"}),timeout=6)Avoid saving a precise location if privacy matters, or use manual weather options instead of automatic weather lookup.
Users might underestimate the sensitivity of the stored profile data even though the fields are disclosed elsewhere.
The privacy wording says there is no sensitive data, while the same document discloses storage of location, diet goals, and allergens, which some users may consider personal.
**无敏感数据** ... 不请求任何密钥、系统凭据或个人隐私信息 ... `user_profile.json` ... 饮食目标、过敏食材
Treat the local profile as personal information and delete it when you do not want preferences, location, or allergy data retained.