Back to skill
Skillv0.1.0
VirusTotal security
Cookidoo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:34 AM
- Hash
- 6b0c22013c592df5ac6a577f874e534533d4729089f1e860579488b99364054b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: tmx-cli Version: 0.1.0 The skill bundle is benign. The `tmx_cli.py` script is a pure Python CLI tool that interacts with legitimate Cookidoo and Algolia APIs over HTTPS for meal planning, recipe search, and shopping list management. It stores session cookies and cached data in local JSON files within the skill's directory and user configuration in `~/.tmx_config.json`, which are standard practices for CLI tools. The login process uses `getpass` for secure interactive password input. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The `SKILL.md` instructions for the AI agent are clear, aligned with the stated purpose, and include positive security instructions like confirming destructive actions, with no signs of prompt injection.
- External report
- View on VirusTotal