ClawHub

Seth Receitas Ptbr

v1.0.0

Busca receitas em português do Brasil (pt-BR) via Wikilivros + TheMealDB. Gera receitas originais quando necessário.

0· 221·0 current·0 all-time
by@runawaydevil
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual code: clients for TheMealDB, Wikibooks (MediaWiki), optional OpenFoodFacts, HTML extraction, normalization, and a generator. No unrelated credentials or system-level access are requested.
Instruction Scope
SKILL.md instructs using the included CLI (src/cli.py) and only references the skill workspace; it does not request unrelated files or secrets. However the pre-scan flagged unicode-control-chars inside SKILL.md (invisible characters that can be used for prompt injection or to confuse parsers) — inspect SKILL.md for hidden characters before trusting automated invocation. Also verify the translator implementation (translate.py) since its behavior (local vs. network translation) isn't fully visible in the truncated display.
Install Mechanism
No install spec or external downloads; code is bundled with the skill and requirements.txt states only stdlib usage. No brew/npm/extract-from-URL installs observed.
Credentials
The skill declares no required env vars or credentials and none of the visible code requires API keys. Network calls are limited to public endpoints (TheMealDB, Wikibooks/MediaWiki, OpenFoodFacts), which matches the stated purpose.
Persistence & Privilege
The skill writes a local cache at state/cache.json (present in the bundle). always:false (default) — it does not demand force-enabled presence. Be aware cached responses and generated recipes are persisted in the skill state directory and could contain user-supplied or scraped content.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contains unicode control characters (invisible characters). This is not needed for a recipe skill and could be used to hide instructions or attempt prompt-injection. Recommend opening SKILL.md in a hex/whitespace-inspecting editor and removing any unexpected control chars.
Assessment
This skill appears to do what it claims (search Wikilivros/TheMealDB, extract/format recipes, and generate originals). Before installing or enabling autonomous invocation: 1) Inspect SKILL.md for invisible unicode control characters flagged by the scanner and remove them if present. 2) Review translate.py and any truncated files to confirm translations are done locally or to expected public endpoints (so no hidden third‑party API keys or unexpected network targets). 3) Be aware the skill writes state/cache.json to the skill directory; if you care about sensitive data or PII, clear or relocate the cache. 4) If you plan to let agents invoke skills autonomously, consider whether you trust automatic network calls to the listed public APIs; revoke or audit if you later see unexpected behavior. If you want, I can open and inspect the full translate.py and remaining truncated files for additional checks.

Like a lobster shell, security has layers — review code before you run it.

latestvk9735vg2n9v849m7s22n3rtpen82a6pz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments