Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
kitchen-control
v1.0.0 · Manage freezer inventory via WhatsApp commands, track stock and expiration, log sales, generate schedules, adjust prices dynamically, and forecast demand usi...
⭐ 0 · 104 · 0 current · 0 all-time
by @m3d3l
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description (WhatsApp + inventory + forecasting) matches what the code implements for inventory, sales, and schedule using PocketBase. However, the skill asks for a POCKETBASE_ADMIN_TOKEN (full admin access), which is more privilege than CRUD on a few inventory collections requires; a scoped service account or API key limited to those collections would be more appropriate. The SKILL.md also advertises AI forecasting and role-based auth, but the code contains only a stub for the AI call and does not enforce per-user authorization checks.
Instruction Scope
SKILL.md instructs routing WhatsApp webhooks, configuring PocketBase and AI env vars, and mentions role-based auth and logging. The runtime code parses WhatsApp text commands and reads the declared env vars, but it does not implement role checks or logging, and the AI forecasting is a stub (no external AI call). This gap between documentation and implementation is scope-incoherent and may mislead operators about what the skill actually does and what data is transmitted.
Install Mechanism
There is no install spec (instruction-only plus one JS file). Nothing is downloaded or written by an installer, which is lowest-risk from an install mechanism perspective.
Credentials
SKILL.md requests POCKETBASE_URL and POCKETBASE_ADMIN_TOKEN and AI_API_KEY/AI_API_URL. Requiring the admin token is disproportionate for ordinary inventory operations and gives full control of the PocketBase instance; the code uses that admin auth approach directly. The AI_API_KEY/URL are declared but the code uses a local stub instead of making calls — collecting a key that isn't used is suspicious and increases risk. No other unrelated credentials are requested.
Persistence & Privilege
`always` is false, and the skill does not request persistent platform privileges or modify other skills' configuration. It only uses its own connections to PocketBase.
What to consider before installing
This skill largely does what it says (inventory/sold/schedule via PocketBase), but before installing:
- Do not hand over a PocketBase admin token to this skill in production; ask the developer to use a scoped service account or API key with minimal privileges instead. Full admin tokens allow total control of your PocketBase data.
- Confirm whether the AI forecasting feature will actually call an external API and where that data will be sent; the current code uses a stub but the README asks for an AI key — avoid providing keys until that behavior is explicit.
- Request implementation of user authorization checks (role mapping by WhatsApp number) and server-side validation so arbitrary callers can't manipulate inventory.
- Test the skill in an isolated environment with a local PocketBase instance and dummy credentials before connecting it to production WhatsApp/webhooks.
If the developer cannot justify the admin token requirement or provide a least-privilege alternative, treat the skill as unsafe for production.
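What the authorization and validation request above amounts to in code, as an added example in JavaScript (the skill ships as a single JS file). This is not the kitchen-control skill's code and not PocketBase's API: the sender numbers, roles, item names and the in-memory store are constructed stand-ins, and `ROLE_BY_NUMBER`, `ALLOWED_COMMANDS`, `makeStore` and `handleMessage` are hypothetical names chosen for illustration. It assumes the sender number comes from the verified WhatsApp webhook payload, never from the message text itself.

```javascript
// Added example, not code from the kitchen-control skill or from PocketBase.
// A WhatsApp command handler that (1) maps the sender number to a role,
// (2) denies commands the role is not allowed to run, (3) validates every
// argument before it reaches the data store, and (4) records an audit entry
// for every attempt. The store is an in-memory stand-in for the PocketBase
// collections so the example runs offline; numbers, roles and items are constructed.

// Assumption: senders are identified by E.164 number. Unlisted numbers get no role.
const ROLE_BY_NUMBER = Object.freeze({
  '+15550000001': 'manager',
  '+15550000002': 'staff',
});

// Assumption: per-role command allow-list. Anything not listed is denied.
const ALLOWED_COMMANDS = Object.freeze({
  manager: new Set(['stock', 'add', 'sold', 'price']),
  staff: new Set(['stock', 'sold']),
});

const ITEM_RE = /^[a-z][a-z0-9_-]{0,31}$/; // item ids are plain slugs, nothing else

// Constructed sample inventory standing in for an "inventory" collection.
function makeStore() {
  return {
    items: new Map([
      ['peas', { qty: 10, price: 2.5 }],
      ['fish', { qty: 4, price: 9.0 }],
    ]),
    audit: [], // one entry per attempted command, allowed or denied
  };
}

function parseQty(s) {
  const n = Number(s);
  return Number.isInteger(n) && n > 0 && n <= 10000 ? n : null;
}

function parsePrice(s) {
  const n = Number(s);
  return Number.isFinite(n) && n >= 0 && n <= 100000 ? n : null;
}

// Split a WhatsApp text message into a lower-case command word and its arguments.
function parseCommand(text) {
  const parts = String(text ?? '').trim().toLowerCase().split(/\s+/).filter(Boolean);
  return parts.length ? { cmd: parts[0], args: parts.slice(1) } : null;
}

// Entry point: every message is audited, whether it was allowed or not.
function handleMessage(store, from, text) {
  const result = dispatch(store, from, text);
  store.audit.push({ from, text: String(text ?? ''), ok: result.ok, error: result.error ?? null });
  return result;
}

function dispatch(store, from, text) {
  const role = ROLE_BY_NUMBER[from];
  if (!role) return { ok: false, error: 'unknown sender' }; // deny by default
  const parsed = parseCommand(text);
  if (!parsed) return { ok: false, error: 'empty command' };
  const { cmd, args } = parsed;
  if (!ALLOWED_COMMANDS[role].has(cmd)) return { ok: false, error: `${role} may not run ${cmd}` };

  const item = args[0];
  if (item !== undefined && !ITEM_RE.test(item)) return { ok: false, error: 'bad item id' };
  const rec = item !== undefined ? store.items.get(item) : undefined;

  switch (cmd) {
    case 'stock':
      if (item === undefined) return { ok: true, data: Object.fromEntries(store.items) };
      return rec ? { ok: true, data: { [item]: rec } } : { ok: false, error: 'no such item' };
    case 'add': {
      const qty = parseQty(args[1]);
      if (!qty) return { ok: false, error: 'bad quantity' };
      if (rec) rec.qty += qty; else store.items.set(item, { qty, price: 0 });
      return { ok: true };
    }
    case 'sold': {
      const qty = parseQty(args[1]);
      if (!rec) return { ok: false, error: 'no such item' };
      if (!qty) return { ok: false, error: 'bad quantity' };
      if (qty > rec.qty) return { ok: false, error: 'insufficient stock' }; // never go negative
      rec.qty -= qty;
      return { ok: true };
    }
    case 'price': {
      const price = parsePrice(args[1]);
      if (!rec) return { ok: false, error: 'no such item' };
      if (price === null) return { ok: false, error: 'bad price' };
      rec.price = price;
      return { ok: true };
    }
    default:
      return { ok: false, error: 'unknown command' }; // not reached: the allow-list filtered it
  }
}
```

In a real deployment the role map and the inventory would live in PocketBase collections, the skill would authenticate as a scoped auth record instead of with an admin token, and the audit array would become a log collection; the point the example shows is that the role check and the argument validation run on every message before any write, and that a denied attempt is still recorded.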
latest: vk975p9sqe7vq9vwjx9zx0fgbzd833z4f
