KitchenOwl API
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a coherent KitchenOwl API helper, but it stores/reuses account tokens and provides broad authenticated API commands that are not tightly limited to shopping-list actions.
Install only if you are comfortable giving this skill KitchenOwl account access. Use a dedicated low-privilege token if possible, avoid entering passwords on the command line, verify the base URL before every authenticated request, and manually approve any operation that changes data or creates long-lived tokens.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is mistaken or prompted poorly, it could perform broader authenticated KitchenOwl API actions than simply reading or updating a shopping list.
The script exposes arbitrary authenticated REST methods and paths, rather than limiting actions to known shopping-list endpoints.
kitchenowl-api.sh request METHOD PATH [--base-url URL] [--token TOKEN] [--json JSON]
...
api_call "$method" "$path" "$body" | json_pretty
Limit default use to known safe shopping-list endpoints and require explicit user confirmation before POST, PATCH, PUT, DELETE, GraphQL mutations, or token-management actions.
A stored KitchenOwl bearer token could be sent to the wrong or attacker-controlled server if an incorrect base URL is used.
A saved token is loaded before an optional --base-url override is applied, and the Authorization header is then sent to the resulting URL without checking that the token belongs to that host.
load_session || true
BASE_URL="${base:-$BASE_URL}"
TOKEN="${token_override:-$TOKEN}"
...
args+=( -H "Authorization: Bearer $TOKEN" )
Bind saved tokens to their original base URL, refuse to send a stored token to a different host without explicit confirmation, or require a separate token override when --base-url changes.
Your KitchenOwl password might be visible locally even though the script itself does not echo it.
The documentation correctly says the script does not print passwords, but it still recommends passing the password as a command-line argument, which may expose it through shell history or process listings.
--password 'PASSWORD'
...
The script does not print plain-text passwords.
Prefer an interactive password prompt, a protected token, or a safer secret-input mechanism instead of putting passwords directly on the command line.
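The two mitigations recommended above (binding a saved token to the base URL it was issued for, and reading the password from the terminal instead of the command line), as an added example; this is not the skill's own code. It assumes a session file with two lines, base_url=<url> and token=<token>; the function names and the --confirm-host flag are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own code. Demonstrates two mitigations:
# a saved token is bound to the base URL it was saved with, and the password
# is read from the terminal rather than from argv.
# Assumption: the session file holds two lines, "base_url=<url>" and
# "token=<token>". Function names and the --confirm-host flag are hypothetical.

# Reduce a URL to its origin (scheme://host[:port]), lowercased, so that
# "https://owl.example.test/api/" and "HTTPS://owl.example.test" compare equal.
url_origin() {
  printf '%s' "$1" \
    | sed -E 's#^([a-zA-Z][a-zA-Z0-9+.-]*://[^/]+).*#\1#' \
    | tr '[:upper:]' '[:lower:]'
}

# Save the token together with the base URL it was issued for (owner-only file).
save_session() {
  # $1 = session file, $2 = base URL, $3 = bearer token
  ( umask 077; printf 'base_url=%s\ntoken=%s\n' "$2" "$3" > "$1" )
}

# Print the stored token only if the requested URL has the same origin as the
# one the token was saved for, or if the caller explicitly confirmed ($3 = yes).
# Otherwise print nothing and return 1, so no Authorization header gets built.
token_for_url() {
  # $1 = session file, $2 = requested base URL, $3 = "yes" to allow cross-host use
  [ -r "$1" ] || return 1
  saved_url=$(sed -n 's/^base_url=//p' "$1")
  saved_token=$(sed -n 's/^token=//p' "$1")
  [ -n "$saved_token" ] || return 1
  if [ "${3:-no}" = "yes" ] || [ "$(url_origin "$saved_url")" = "$(url_origin "$2")" ]; then
    printf '%s' "$saved_token"
    return 0
  fi
  printf 'refusing to send token saved for %s to %s (use --confirm-host to override)\n' \
    "$saved_url" "$2" >&2
  return 1
}

# Build the curl argument list for GET <base>/<path>, one argument per line.
# Fails without printing anything when the token may not be used for this host.
curl_args_for() {
  # $1 = session file, $2 = base URL, $3 = API path, $4 = "yes" to confirm host
  tok=$(token_for_url "$1" "$2" "$4") || return 1
  printf '%s\n' -sS -H "Authorization: Bearer $tok" "${2%/}/${3#/}"
}

# Read the password from the terminal without echo instead of taking it on the
# command line, so it does not land in shell history or process listings.
prompt_password() {
  local pw
  IFS= read -rs -p 'KitchenOwl password: ' pw </dev/tty
  printf '\n' >&2
  printf '%s' "$pw"
}

# Walk-through with constructed values (run with RUN_DEMO=1).
demo() {
  local f; f=$(mktemp)
  save_session "$f" "https://owl.example.test/api" "CONSTRUCTED-TOKEN"
  curl_args_for "$f" "https://owl.example.test/api" "shoppinglist"        # same origin: allowed
  curl_args_for "$f" "https://other.example.test" "shoppinglist" || echo "blocked"
  curl_args_for "$f" "https://other.example.test" "shoppinglist" yes      # allowed only after explicit confirmation
  rm -f "$f"
}
if [ "${RUN_DEMO:-0}" = 1 ]; then demo; fi
```

The origin check compares scheme, host and port, so a token saved for https://owl.example.test/api is still usable for any path under that host but is withheld when --base-url points elsewhere unless the caller passes the confirmation flag; the password helper reads from /dev/tty so the secret never appears in argv.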
