ClawHub

Meal Planner Pro

Security checks across malware telemetry and agentic risk

Overview

Meal Planner Pro is a coherent meal-planning skill that stores household food preferences and allergy details locally, with privacy and allergy-checking caveats but no hidden or malicious behavior found.

Install only if you are comfortable storing household names, ages, allergies, preferences, meal ratings, freezer contents, and possibly food-photo context in this skill's local data area or optional dashboard. Review the setup commands, keep the data directory private, avoid unnecessary identifying details for children, verify allergy-sensitive meal suggestions yourself, and use the dashboard only with proper authentication, row-level security, private storage, and proxied external images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
This is a real safety issue. The example explicitly claims there are zero allergen conflicts, yet it includes PB&J in a household where one member has a tree nut allergy, which can normalize unsafe meal planning and omit needed cross-contact warnings or ingredient substitutions. In a meal-planning skill, incorrect allergy handling is especially dangerous because users may trust the plan as safety-checked.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README prominently advertises learning from family tastes, dietary data, allergies, and ratings, but it does not clearly explain retention, storage, sharing, deletion, or sensitivity of that household data. Because this includes potentially sensitive health-related information, users may expose personal data without informed consent or understanding of privacy implications, especially since the "Security Verified" language could create overconfidence.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup flow explicitly collects sensitive household data including names, ages, allergies, dietary restrictions, household composition, shopping habits, and budget preferences, then persists it to local files without any user-facing disclosure, consent step, retention policy, or guidance on how the data will be used. Even though the files are created with restrictive permissions, the privacy risk remains because the skill normalizes long-term storage of personal and health-related information without transparency or data-minimization safeguards.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger scope is extremely broad, including everyday phrases like "what's for dinner?" and "anything related to household meal planning," which can cause the skill to activate in contexts where the user did not clearly consent to meal-planning workflows. Because the skill reads and updates persistent household, allergy, ratings, travel, and freezer data, overbroad invocation increases the chance of unintended access, modification, or disclosure of sensitive household information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill clearly stores sensitive household and health-adjacent data such as allergies, dietary styles, children's preferences, schedules, and meal history, but the description and usage text do not warn users that this information is persisted across interactions. This lack of transparency can lead users to disclose sensitive information without informed consent, raising privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The discovery feed explicitly aggregates external recipe content and displays external images, which creates a realistic privacy and tracking risk if users' browsers fetch third-party resources directly. Even though the spec later notes that external content should be sanitized and image URLs proxied, the product copy and UX do not surface the privacy implication, so an implementation could still leak user IPs, user agents, and behavioral data to third-party publishers if these controls are missed or inconsistently applied.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly models storage of sensitive personal data, including allergies, dislikes, household composition, freezer contents, ratings/comments, and chat history, but provides no indication of consent, retention, access controls, or user-facing privacy disclosures. In a meal-planning context, this data can reveal health-related information and household behavior patterns, so silent collection or unclear handling creates a real privacy and compliance risk even if no exploit code is present.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The example depicts analysis of a refrigerator photo alongside sensitive household profile data, including allergy information and children's ages/preferences, without any visible notice about privacy, consent, retention, or how image/profile data is handled. Even though this is illustrative documentation rather than executable code, it normalizes collection and cross-referencing of household and child-related data in a way that could lead implementers to omit necessary privacy safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This is a true vulnerability in the example workflow. The skill presents a reassuring safety claim while suggesting a potentially allergenic food without clarifying whether peanut butter is being used, whether tree-nut-safe products are required, or whether preparation avoids contamination; that mismatch can mislead users into unsafe assumptions. Because the skill's purpose is household meal planning, allergy mistakes are directly relevant and more dangerous than in a generic text example.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal