ClawHub

Pantry Tracker

v1.3.0

Track grocery purchases and monitor food freshness using Supabase. Use when monitoring grocery orders, checking what food is expiring, logging pantry items,...

0· 87·1 current·1 all-time
byMei Park@meimakes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (track groceries + freshness) align with the code and SKILL.md. The only runtime requirements are SUPABASE_URL and SUPABASE_KEY, which are appropriate for a Supabase-backed CLI. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs the agent to use an existing email skill to parse grocery emails, produce JSON, and call the included CLI. The skill itself does not access email or other system areas. CLI commands and cron guidance match the script's implemented behavior.
Install Mechanism
No install spec — instruction-only with a single Python script. Nothing is downloaded or installed automatically, which minimizes risk.
Credentials
Only SUPABASE_URL and SUPABASE_KEY (anon key) are required and the code uses only those env vars. The SKILL.md explicitly warns not to use the service-role key. Environment access is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It runs as a normal, user-invoked/autonomous-capable skill.
Assessment
This skill appears coherent and limited to operating a Supabase-backed pantry. Before installing: (1) ensure you provide only the Supabase anon key (not the service_role key) and confirm your Supabase project enforces Row Level Security (RLS) or otherwise restricts access for that anon key; anon keys can still expose data if RLS/policies are misconfigured. (2) Verify that the email parsing is performed by your agent's separate email skill and that you do not accidentally provide email credentials to this skill. (3) Review the provided SQL schema in your own Supabase project and run it there (do not point the skill at a production DB you don't control). (4) Note the registry summary shows a malformed env listing ([object Object])—double-check the platform's install UI shows the two required env vars. (5) If you operate this in a multi-user environment, add RLS policies so anon keys can only access that user's items. Other than these standard cautions, the skill's behavior and resource needs are consistent with its description.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xxhda7cjv829zw5gq2w6zs8380ff

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Env[object Object], [object Object]

Comments