Recipes

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a simple recipe lookup helper that requires no authentication, but the reviewed package does not include the executable scripts its documentation tells users or agents to run.

This appears safe for basic recipe lookup. The main thing to check before installing is the missing executable code: if you use the README’s GitHub clone instructions, inspect the scripts first and confirm they only call TheMealDB as described.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run the recipe CLI and make public recipe API lookups when asked about cooking or recipes.

Why it was flagged

The skill expects local command-line tooling to support recipe lookups. This is disclosed and proportionate to a CLI/API lookup skill, with no destructive or privileged commands shown.

Skill content

requires:
      bins: ["bash", "curl", "jq"]

Recommendation

Use it for ordinary recipe searches, and avoid putting private or sensitive personal details into recipe queries if you do not want them sent to an external API.

What this means

If you follow the README to fetch and run external files, you may be using code that was not present in the reviewed artifacts.

Why it was flagged

The README refers to executable files and a GitHub clone workflow, but the reviewed package only includes README.md and SKILL.md. That creates a provenance gap for the actual runnable helper code.

Skill content

git clone https://github.com/jeffaf/recipes-skill.git
chmod +x recipes scripts/recipes

Recommendation

Before cloning, chmodding, symlinking, or running the external scripts, inspect the repository and confirm it matches the reviewed skill and expected TheMealDB-only behavior.