Food Tracker
v1.0.1Your intelligent food system. Absorbs, analyzes, and organizes everything you eat.
⭐ 2· 1.2k·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description align with the instructions: the skill classifies meals, tags items, and builds a persistent personal food database. However, the SKILL.md assumes image processing (OCR, barcode reading, photo item identification) and nutrition estimation capabilities without declaring any required binaries, libraries, or external services — this is an operational gap (not necessarily malicious) that affects how the skill will actually work.
Instruction Scope
Instructions direct the agent to persist all user data (preferences, scanned labels, recipes, patterns, places) to a specific path (~/food/memory.md) and to 'remember restrictions permanently.' There are no instructions about consent prompts, data deletion, encryption, or export controls. Persisting sensitive info (allergies, dietary restrictions, photos/labels) without explicit privacy controls is a privacy risk.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written by an installer. This minimizes supply-chain risk. The static scanner had no files to analyze beyond the SKILL.md and processing.md.
Credentials
The skill requests no environment variables, credentials, or external config paths. That is proportionate to its described local-tracking purpose.
Persistence & Privilege
The skill does not request elevated platform privileges and isn't set to always:true. It does, however, request persistent local storage in the user's home directory (~/food/memory.md). Persisting personal health-related data locally is consistent with a tracker but increases exposure if the file is unencrypted or accessible by other processes/users.
Assessment
This skill is coherent with a local food tracker, but before installing you should: (1) Confirm how images and OCR are processed — locally or uploaded to external services — because SKILL.md does not specify network endpoints; (2) Be aware the skill will write a persistent file at ~/food/memory.md containing preferences, allergies, and other personal data; ask whether that file is encrypted, how to delete or export it, and who (which agents/processes) can read it; (3) If you store sensitive allergies or medical info, consider limiting what you save or use a sandboxed account; (4) Test with non-sensitive sample data to verify behavior; (5) If you need offline-only behavior, verify there are no hidden network calls before trusting real photos/labels. If any of these answers are unsatisfactory, avoid enabling the skill or remove the persisted file after testing.Like a lobster shell, security has layers — review code before you run it.
latestvk979w2gy47501zswamr2hc85t9816v7d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.