gurkerlcli

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for Gurkerl grocery shopping, but it relies on an external CLI and Gurkerl account credentials, so users should trust the package and review cart/list changes.

Use this skill only if you trust the external gurkerlcli package. Treat your Gurkerl login as sensitive, avoid persistent plaintext password files where possible, and require confirmation before cart-clearing, item-removal, or list-deletion actions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The installed CLI will handle grocery account operations, so the user should trust the package source before installing it.

Why it was flagged

The skill depends on installing an external CLI package that is not included in the supplied artifacts. The install step is disclosed and user-directed, so this is a supply-chain notice rather than a concern.

Skill content

brew tap pasogott/tap
brew install gurkerlcli

# Or via pipx
pipx install gurkerlcli

Recommendation

Install only from a source you trust and review the linked project or package metadata before using it with your Gurkerl account.

What this means

Anyone or anything with access to those credentials or session could affect the user's Gurkerl account.

Why it was flagged

The skill requires Gurkerl account credentials or a stored session. This is expected for shopping-account access, but credentials and persistent password storage are sensitive.

Skill content

gurkerlcli auth login --email user@example.com --password xxx
Session is stored securely in macOS Keychain.

export GURKERL_EMAIL=your-email@example.com
export GURKERL_PASSWORD=your-password

Or add to `~/.env.local` for persistence.

Recommendation

Prefer the documented login/session flow over storing passwords in plaintext environment files, and protect any credential file with appropriate local permissions.

What this means

The agent could change the user's cart or shopping lists if asked to use these commands.

Why it was flagged

The skill uses shell commands to perform account-state changes such as adding/removing cart items and deleting lists. These actions are disclosed and match the grocery-shopping purpose, but users should be aware before allowing changes.

Skill content

tools: [bash]
...
gurkerlcli cart add <product_id>
gurkerlcli cart remove <product_id>
gurkerlcli cart clear --force            # Empty cart without confirmation
gurkerlcli lists delete <list_id>        # Delete list

Recommendation

Ask the agent to show proposed cart or list changes before running mutating commands, and avoid the force-clear option unless intentionally emptying the cart.