Skill v1.0.0
ClawScan security
Tandoor Recipe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:26 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement the advertised Tandoor Recipe functionality and only talks to the user’s Tandoor instance, but there are inconsistencies (undocumented env var and missing installation steps/dependency expectations) that you should understand before installing.
- Guidance
- This skill largely does what it claims — it issues API calls to your Tandoor instance using TANDOOR_URL and TANDOOR_API_TOKEN. Before installing: (1) Be aware the package expects Node modules (e.g., zod) but no install step is provided; you should run npm install in a safe environment or verify bundled JS runs without external dependencies. (2) The code reads an undocumented TANDOOR_ADDITIONAL_HEADERS env var (JSON) which, if set, will be merged into requests — only set it if you trust the skill and know why extra headers are needed. (3) Review the included scripts (tandoor.js and api.js) yourself or run the skill in an isolated environment/network to confirm behavior. (4) Prefer giving the TANDOOR_API_TOKEN least privilege and rotate/revoke it if you stop using the skill. These inconsistencies look like oversights rather than malice, but they warrant caution.
Review Dimensions
- Purpose & Capability
- note: Name/description match the code: the scripts call Tandoor API endpoints and implement recipe, meal-plan, and shopping-list operations. Required binary (node) and required env vars (TANDOOR_URL, TANDOOR_API_TOKEN) are appropriate. Minor mismatch: package.json declares a runtime dependency on 'zod' but the SKILL.md/registry did not include an install step to ensure Node packages are present.
- Instruction Scope
- concern: SKILL.md instructs the agent to run node ./scripts/tandoor.js and documents TANDOOR_URL and TANDOOR_API_TOKEN only. The actual code also reads an undocumented environment variable TANDOOR_ADDITIONAL_HEADERS (JSON) and will merge that into outgoing headers. The instructions do not mention this env var or validate its use; that is an unexpected surface the agent could use.
- Install Mechanism
- note: There is no install spec (instruction-only), which is low risk, but the package includes JS source that imports 'zod' and package.json lists dependencies. Without an install step the runtime may fail (missing node modules). No downloads or remote installs are performed by the skill itself.
- Credentials
- note: Declared env vars (TANDOOR_URL, TANDOOR_API_TOKEN) are proportional to the stated purpose. However, code accepts an extra environment variable (TANDOOR_ADDITIONAL_HEADERS) not declared as required; while it is optional and only applied to requests to the configured TANDOOR_URL, it is an undocumented way to influence outgoing headers.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills, and does not ask to persist credentials beyond using the provided environment variables. It runs as a one-off CLI tool invoked by the agent.
