ClawHub

Cookidoo

Security checks across malware telemetry and agentic risk

Overview

This skill appears built for Cookidoo meal planning, but it needs review because it handles Cookidoo passwords and session cookies in ways that can leak account access.

Install only if you are comfortable letting the skill access and modify your Cookidoo account. Prefer interactive login over --password, avoid sharing or committing the skill directory, confirm any plan or shopping-list change before it runs, and delete local cookie/token files when you no longer need the integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill exposes file read/write and network-capable functionality through a bundled CLI, but the manifest does not declare any permissions or capability boundaries. This can mislead users and orchestrators about the skill's real access level, reducing informed consent and weakening policy enforcement around network access, local config writes, exports, and session handling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared description frames the skill as meal-planning assistance, but the documented behavior includes authentication flows, persistent local configuration, cookie/session management, file export, and multiple remote state-changing actions. This mismatch is dangerous because it can cause an agent or user to invoke the skill without realizing it can log in, modify cloud account data, persist sensitive state locally, or write files.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger terms are broad and include ordinary words like recipe, meal plan, and shopping list, which can cause accidental activation during normal cooking-related conversation. In a skill that can authenticate, modify meal plans/favorites/shopping lists, and write local files, overbroad invocation increases the chance of unintended tool use and state-changing actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly states that Cookidoo credentials are stored in `secrets/cookidoo.env` but provides no guidance on protecting that file, avoiding plaintext password storage, or using more secure token-based mechanisms. In an agent skill context, this is risky because users or integrators may adopt insecure secret-handling practices by default, increasing the chance of credential leakage through source control, logs, backups, or local compromise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The CLI accepts `--email` and `--password` arguments, which exposes credentials through shell history, process listings, audit logs, and agent/tool invocation records. In an agent skill context this is more dangerous because orchestration layers often log full command arguments, turning a local secrecy issue into credential leakage across systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Authentication cookies are persisted to a JSON file on disk without setting restrictive file permissions or warning the user that long-lived session material is being stored locally. Anyone with access to that file may be able to replay the session and act as the user against Cookidoo until the cookies expire or are revoked.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal