Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Feast - Intelligent meal planning, region and season aware shopping lists, respects dietary requirements, provides recipes, and generates immersive mealtime playlists
v1.0.2Comprehensive meal planning system with cultural themes, authentic recipes, intelligent shopping, and surprise reveals. Use when: - Planning weekly meals or menus - Generating shopping lists - Asking for recipe ideas or cooking help - Reviewing past meals or planning ahead - Onboarding a new user to the meal system - Looking for cuisine inspiration or cultural food events - Tracking dietary goals or nutrition - Managing favourites, failures, or meal history
⭐ 2· 2.3k·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name/description align with the files and scripts: templates, onboarding, weekly plan format, price-checking guidance, and a small history-update script. There are no unexpected required binaries, env vars, or external credentials declared.
Instruction Scope
SKILL.md instructs the agent to read/write user workspace files under workspace/meals, perform web research (including non-English sources), price-check stores, and embed playlists/links in week files. Those actions are coherent with the purpose but imply broad web access and data collection for research (searching news, store sites, music links). The skill also instructs creating cron jobs that spawn isolated agents to send notifications — functionally expected for scheduled reminders but an area to review if you dislike autonomous scheduled actions.
Install Mechanism
No install spec is present (instruction-only) and the single script is small and readable. No remote downloads, package installs, or archive extraction are requested.
Credentials
The skill declares no required environment variables, binaries, or credentials. It references optional external channels (Telegram/Discord/Signal/pushbullet/ntfy) but states these must be configured elsewhere (OpenClaw or separate skills). No unrelated secrets are requested.
Persistence & Privilege
The skill uses scheduled notifications (cron jobs) and expects to store cron job IDs in the user's profile.yaml for later management. always:false (not force-included), but the runtime behavior includes creating scheduled autonomous actions — this is expected for reminders but increases persistence/automation surface and should be considered before enabling notifications.
Assessment
Feast appears coherent for meal planning: it reads/writes files in workspace/meals, performs web research to build recipes/playlists, and can create scheduled notifications (cron jobs) to send reminders via channels you configure. Before installing, consider: (1) Source trust — the repo/source is unknown and there is no homepage; review the included files (especially scripts/update-history.py) yourself. (2) Data access — the skill will store personal profile, week plans, history, and playlists in workspace/meals; treat that directory as sensitive. (3) Automation/privacy — if you enable notifications, the skill will schedule cron jobs that spawn agents to send messages; confirm which notification channels are configured in your OpenClaw instance and that you want scheduled autonomous reminders. (4) External links and web research — the agent will query external sites and embed links (Spotify/YouTube/store sites) in plans; if you limit web access, expect degraded behaviour. If any of these concerns matter, inspect the files locally, disable push notifications, and keep notifications off until you trust the skill and its source.Like a lobster shell, security has layers — review code before you run it.
latestvk972ge9m0m02m2x5pszvxvwwc580d4bw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.