ClawHub
Back to skill
v1.0.0

Paprika Recipe Importer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:09 AM.

Analysis

This skill coherently creates Paprika recipe import files from user-provided recipe content, with only low-risk local file generation and script execution needed for that purpose.

GuidanceThis appears safe for its stated purpose. Before installing, note that it runs a local Python script and writes recipe files, so use it with recipe content you are comfortable saving into a Paprika import file.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
python3 ~/.openclaw/skills/paprika-recipe-importer/scripts/build_paprikarecipes.py \
  /tmp/<recipe-name>.json \
  /tmp/<recipe-name>.paprikarecipes

The skill instructs the agent to run an included Python script to package the recipe file. This is purpose-aligned and scoped, but users should know the skill performs local command execution.

User impactThe agent may create a temporary JSON file and run the helper script locally to produce the Paprika import file.
RecommendationUse normally if you are comfortable with local file generation; review the generated recipe content before importing it into Paprika.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Required binaries (all must exist): none

The metadata does not declare a Python requirement, while the SKILL.md workflow invokes python3. This is an operational metadata gap rather than evidence of hidden behavior.

User impactThe skill may fail or behave differently on systems without Python 3 available.
RecommendationEnsure Python 3 is available before using the skill, or ask the publisher to declare the runtime requirement.