Skill v0.1.0
ClawScan security
Cookidoo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (a Cookidoo CLI), but its documentation and code disagree about how credentials are handled, and it writes session/credential files to disk without declaring required secrets. This mismatch is worth caution.
- Guidance: This skill appears to implement a legitimate Cookidoo CLI, but there are inconsistencies you should resolve before installing:
  1. The registry metadata declares no required secrets, yet the docs and code accept and store Cookidoo credentials and session cookies (files under the skill directory and ~/.tmx_config.json). Confirm whether the skill will ask for your raw password or use an OAuth browser flow, and prefer OAuth if available.
  2. If you provide credentials, expect them (or session tokens) to be written to disk; treat those files as sensitive.
  3. If you plan to install from the GitHub repo referenced in the README, review that repository (commit history, issues, maintainer) to ensure you trust the source.
  4. If you want to limit risk, run the tool in an isolated environment (container or dedicated account), or avoid supplying your Cookidoo password and use OAuth-only login.
  Finally, ask the maintainer to update the skill metadata to declare any required env vars or credential storage paths so the security posture is clear.
Review Dimensions
- Purpose & Capability (note): Name, description, README, SKILL.md and the bundled Python CLI are consistent: the code implements searching, plan/shopping management, favorites, and uses Cookidoo/Algolia endpoints. There are no unrelated cloud services or surprising binaries required.
- Instruction Scope (concern): SKILL.md instructs the agent to run the bundled tmx_cli.py and to log in (OAuth or credentials). The implementation reads/writes local files (cookies, search token, category cache, config) and performs network calls to cookidoo.de and Algolia, which is expected for this purpose, but some documentation (references/commands.md) explicitly mentions storing credentials in secrets/cookidoo.env (COOKIDOO_EMAIL, COOKIDOO_PASSWORD) even though the skill metadata declares no required env vars. The instructions give the agent discretion to run login flows and persist session tokens, which increases the sensitivity of what the skill will access.
- Install Mechanism (ok): This is an instruction-only skill bundled with the tmx_cli.py source; there is no install script that downloads arbitrary code. The README shows optional GitHub installs (uvx/pipx), but the registry package contains the Python file itself. No high-risk download-from-URL installs are present in the bundle.
- Credentials (concern): Skill metadata declares no required environment variables, yet docs/code indicate the CLI can accept/store Cookidoo credentials and session tokens (cookies, cookidoo_search_token.json), and the commands reference storing COOKIDOO_EMAIL/COOKIDOO_PASSWORD in secrets/cookidoo.env. The skill writes to ~/.tmx_config.json and to files under the script directory. Requesting/saving user credentials and session cookies is proportionate to login-based functionality, but the omission of any declared secret requirements in the metadata and the presence of multiple storage locations is an inconsistency that should be clarified before use.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills. It will persist session and config files (in the skill directory and in the user's home directory), which is expected for a CLI that maintains login state, but users should be aware these files contain credentials/tokens and live on disk.
