Back to skill

Security audit

Cookidoo Thermomix

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cookidoo account CLI that uses user-provided credentials and can change meal-planning data, but I found no hidden exfiltration, persistence, or deceptive behavior.

Install only if you are comfortable giving a local script your Cookidoo email and password. Use explicit Cookidoo/Thermomix requests, and require confirmation before running commands that remove calendar entries, clear shopping lists, delete items, or delete collections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill requires environment variables for Cookidoo credentials and explicitly performs authenticated network operations, but no permissions are declared. That creates a transparency and governance gap: users or orchestration systems may not realize the skill can access secrets and make external authenticated requests to a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior does not cleanly match the stated purpose: it performs login, accesses account/profile and subscription data, and supports account-modifying actions, while claiming broader recipe/custom-recipe/search functionality that is not actually implemented. This mismatch can mislead users and agents into granting trust or invoking the skill in contexts where personal account data is accessed or state-changing actions occur unexpectedly.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes broad everyday phrases such as 'meal planning' and 'was kochen', which are common in normal conversation and may cause unintended invocation. In this skill's context, accidental invocation is more dangerous because the skill uses stored credentials and can read account data or modify calendars, shopping lists, and collections.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation describes use of account credentials and multiple destructive or state-changing operations, such as clearing shopping lists and deleting collections, without prominent warnings about privacy, irreversible effects, or confirmation requirements. This raises the risk of users exposing account access or triggering unwanted account modifications without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal