Feast - Intelligent meal planning, region and season aware shopping lists, respects dietary requirements, provides recipes, and generates immersive mealtime playlists

Security checks across malware telemetry and agentic risk

Overview

Feast appears purpose-aligned for meal planning, with disclosed local profile/history storage and scheduled notification agents that users should configure carefully.

Before installing, be comfortable with Feast storing dietary, location, budget, store, and meal-history details in your workspace. Configure notification channels explicitly, review or disable cron reminders when needed, and verify the package source if using manual installation.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI10: Rogue Agents
Low
What this means

Meal reminders may continue to run and send messages after the original planning session unless the cron jobs are removed or updated.

Why it was flagged

The skill intentionally creates persistent scheduled jobs that can launch agents later, which is important background behavior even though it is disclosed and scoped to reminders.

Skill content

Feast sends reminders at key moments: planning day, confirmation, shopping list, daily reveals, and week review. These are delivered via cron jobs that spawn isolated agents to send notifications.

Recommendation

Only enable reminders you want, keep track of created cron jobs, and use the documented preference controls to disable or change them.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Meal plans, reminders, or dietary-related context could be sent to whichever channel is configured or auto-selected.

Why it was flagged

The skill can send meal-plan notifications through chat or push channels, including an automatic channel selection mode.

Skill content

`auto` | Delivers to the current session or first available channel ... `telegram` ... `discord` ... `signal` ... Push notifications are sent in addition to the primary channel

Recommendation

Set an explicit notification channel instead of relying on `auto` if the content may be private, and verify any Telegram, Discord, Signal, Pushbullet, or ntfy configuration.

ASI06: Memory and Context Poisoning
Low
What this means

Private profile details and past meal history can influence future recommendations, and incorrect or stale entries could affect allergy, nutrition, or shopping advice.

Why it was flagged

The profile template stores personal location, dietary, calorie, budget, store, and preference data for reuse in future planning.

Skill content

location: ... timezone: "" ... dietary: ... restrictions: [] ... calorieTarget: null ... preferences: ... budget: "moderate" ... stores: []

Recommendation

Keep the workspace private, review profile/history files periodically, and correct any inaccurate dietary or preference data.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less registry-level information for independently verifying the package origin.

Why it was flagged

The registry metadata does not provide a canonical source or homepage, which limits provenance verification for the included skill files and helper script.

Skill content

Source: unknown; Homepage: none

Recommendation

Prefer the ClawHub installation path and, if installing manually, verify the repository and version before use.