USDA FoodData Central API

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: use a USDA FoodData Central API key to search foods and show nutrition data.

Before installing, make sure you are comfortable storing an FDC_API_KEY in OpenClaw configuration and allowing the skill to make USDA API requests using curl. The included scripts are narrow and match the stated nutrition lookup purpose.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill needs a USDA API key and will use it for food data requests; misuse could consume the user's API quota.

Why it was flagged

The script uses the user's FDC_API_KEY as an authentication header when calling the USDA FoodData Central API.

Skill content

-H "X-Api-Key: $FDC_API_KEY"

Recommendation

Use a dedicated FDC API key if possible, keep it private, and rotate it if it is accidentally exposed.

ASI05: Unexpected Code Execution
Info
What this means

Installing and using the skill allows the agent to run these included scripts for USDA API lookups.

Why it was flagged

The skill operates by running included local shell scripts, which is disclosed and central to the documented API lookup workflow.

Skill content

./skills/fdc-api/scripts/fdc_search.sh "search query" [pageSize] [dataType]

Recommendation

Review the scripts before installation if you are cautious; the provided script contents only call the documented USDA API endpoints.