Paprika

Review

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Paprika Recipe Manager CLI wrapper, with expected but noteworthy account authentication and npm installation steps.

This skill is coherent for reading Paprika recipes, meals, and grocery lists. Before installing, verify the npm package you are installing and be careful with Paprika credentials, especially if using environment variables for your email and password.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the referenced package gives local execution capability to code outside this skill artifact.

Why it was flagged

The skill relies on installing a global npm CLI package that is not pinned to a version and is not included in the reviewed artifacts. This is coherent with the CLI-based purpose, but users should verify the package source.

Skill content

npm install -g paprika-recipe-cli

Recommendation

Install only after confirming the npm package identity, maintainer, and version, and prefer a pinned or trusted installation method where possible.

What this means

The CLI can access the user's Paprika account data such as recipes, meal plans, and grocery lists.

Why it was flagged

The skill documents Paprika account authentication, including direct email/password environment variables. This is expected for accessing Paprika cloud data, but the registry metadata declares no primary credential or required env vars.

Skill content

paprika auth

# Or set environment variables
export PAPRIKA_EMAIL="your@email.com"
export PAPRIKA_PASSWORD="your-password"

Recommendation

Prefer interactive authentication if available, avoid exposing the password in shared shells or logs, and confirm the CLI only has the account access you intend.