
Security audit

Nutrition Planner

Security checks across malware telemetry and agentic risk

Overview

This nutrition-planning skill appears purpose-aligned, but it looks incomplete because it references a missing CLI script and would store personal health-related profile data locally.

This looks like a benign meal-planning skill, but the provided package appears incomplete because the CLI script it tells you to run is missing. If you obtain the missing script elsewhere, review it before running it. Also remember that profile details such as weight, height, goals, restrictions, and allergies may be stored locally in the disclosed SQLite database.

VirusTotal

59/59 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may not run as documented, and the actual CLI behavior cannot be reviewed from the supplied artifacts.

Why it was flagged

The package declares a CLI entry point, and SKILL.md instructs use of that path, but the provided manifest contains no scripts/nutrition-planner file. This is an incomplete artifact/provenance issue.

Skill content
"main": "scripts/nutrition-planner", "bin": { "nutrition-planner": "scripts/nutrition-planner" }
Recommendation

Only install or use it if the missing script is supplied from a trusted source and can be reviewed; otherwise treat it as incomplete.

ASI06: Memory and Context Poisoning
Low
What this means

Personal health and diet-related information may remain on the local machine after use.

Why it was flagged

The skill discloses persistent local storage for nutrition planning data, which likely includes personal profile details, dietary restrictions, and allergies.

Skill content
Data is stored in `~/.openclaw/data/nutrition-planner/`: - `nutrition_planner.db` - SQLite database
Recommendation

Avoid entering sensitive medical information unless you are comfortable storing it locally, and delete the database if you no longer want the data retained.