Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Meal Planner Pro
v1.0.3
Every household faces the same exhausting question every single day: 'What's for dinner?' Meal Planner Pro learns your family's unique tastes, allergies, and...
by @nollio
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name, description, and all declared artifacts align: an instruction-only meal-planner that stores profiles, plans, grocery lists, and uses a vision-capable LLM for fridge photos. There are no unrelated env vars or binaries requested.
Instruction Scope
SKILL.md explicitly limits file I/O to data/ and config/ with strict allowlists and filename patterns; setup steps only create local directories and files. There are no instructions to call unknown external endpoints or to read unrelated system files. The prompt-injection defense is explicit and restrictive.
Install Mechanism
No install spec and no code to download or execute — instruction-only. This minimizes install-time risk.
Credentials
The skill declares no credentials, no required env vars, and asks only to use local data files. The accompanying dashboard spec mentions optional third-party stack (Supabase) but that is not required for the skill to operate as described.
Persistence & Privilege
always:false and default agent-invocation settings are appropriate. The skill does not request permanent platform privileges or attempt to change other skills' configs.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] expected: Scanner flagged 'ignore-previous-instructions' pattern. The SKILL.md contains an explicit Prompt Injection Defense section that purposely calls out that pattern and instructs the agent to ignore such instructions embedded in recipes — this is a legitimate defensive use.
[unicode-control-chars] expected: Scanner detected unicode-control-chars pattern. The skill includes normalization and path-safety guidance (URL-decode/lowercase/collapse separators) and an explicit warning about treating external text as data; the finding is likely a false positive or is related to the documented injection-defense guidance rather than malicious obfuscation.
Assessment
This skill appears coherent and low-risk in that it is instruction-only and stores data locally under data/ and config/. Before installing:
1) Confirm your OpenClaw runtime enforces the skill's file-path restrictions (only data/ and config/) and does not grant broader filesystem access.
2) The skill uses vision-capable LLMs for fridge photos — images and their parsed text will be sent to whatever model provider your agent uses; if you rely on a third-party LLM, consider the privacy implications.
3) The dashboard spec references optional external services (Supabase, Next.js) — you only need to provide credentials if you choose to build and host the dashboard; do not supply unrelated API keys.
4) The setup writes files and tightens permissions (umask/chmod) — review the commands if you have specific security policies.
5) The SKILL.md includes explicit prompt-injection defenses (the scanner flagged these patterns), which is intentional; still audit runtime handling of untrusted recipe text to ensure the agent doesn't treat user-pasted or scraped recipe content as executable instructions.
If you need stronger assurances, run the skill in a sandboxed environment and review the created data files after first run.
Static Analysis
SKILL.md:16
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.