ClawHub

Seth Receitas Ptbr

Security checks across malware telemetry and agentic risk

Overview

This is a recipe-search skill that uses disclosed public food APIs and a local cache, with no evidence of credential use, hidden commands, destructive actions, or data exfiltration.

Install only if you are comfortable sending recipe, ingredient, and optional nutrition queries to public third-party services and keeping cached recipe results locally. Do not rely on this skill for allergy, medical, religious, or strict dietary compliance without manually checking the ingredients.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises operational capabilities through CLI examples and behavior that imply network access and local file interaction, but it does not declare any permissions. Undeclared capabilities reduce transparency and prevent proper sandboxing or user review, which can enable unexpected data access or outbound requests once the skill is installed or invoked.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented description says the skill uses Wikilivros and TheMealDB, but the behavior also includes nutrition lookup via OpenFoodFacts and other flows not reflected in the high-level description. This mismatch is dangerous because users and reviewers may authorize or trust the skill based on incomplete disclosure, while it actually contacts an additional third-party service and processes broader classes of requests.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The generator advertises restriction-aware behavior, but specialized recipe paths such as feijoada, moqueca, prato feito, and other fixed generators can return meat-, dairy-, or otherwise noncompliant recipes without enforcing the provided dietary restrictions. In a cooking skill, this can mislead users with allergy, religious, ethical, or medical dietary constraints into preparing unsafe or unusable dishes.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The README shows examples for recipe and nutrition lookups against public APIs but does not clearly disclose that user-supplied search terms and ingredient names are sent to third-party services. This is a real privacy/transparency issue because users may unknowingly transmit personal preferences, dietary restrictions, or other sensitive query content to external providers.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The README documents local cache storage and TTLs but does not warn that fetched content and query-derived results are persisted on disk in state/cache.json. This can expose a user's search history or retrieved content to other local users, backups, or later forensic inspection if the workspace is shared or insufficiently protected.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad everyday cooking terms that could match normal conversation, causing the skill to activate when the user did not intend it. Unintended invocation can lead to unsolicited network requests, context capture, or interference with other skills, especially because this skill may query external services based on the matched text.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal