Clawdbot Skill Cookidoo

v1.0.1

Access Cookidoo (Thermomix) recipes, shopping lists, and meal planning via the unofficial cookidoo-api Python package. Use for viewing recipes, weekly plans, favorites, and syncing ingredients to shopping lists.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is designed to access Cookidoo and the code calls the cookidoo-api library and asks for a Cookidoo email/password — this is coherent with the description. However, the registry metadata at the top of the report lists no required env vars/primary credential while SKILL.md and package.json both require COOKIDOO_EMAIL and COOKIDOO_PASSWORD; this mismatch is a packaging oversight that should be corrected.
Instruction Scope
SKILL.md instructs installing the cookidoo-api package and running the included CLI script. The runtime instructions and the script are limited to Cookidoo operations (recipes, plan, shopping, search, info) and only reference the specified config file (~/.config/atlas/cookidoo.env) and environment variables.
Install Mechanism
No automated install spec is included; the instructions ask the user to pip install the well-known cookidoo-api Python package. No arbitrary downloads, URL shorteners, or archive extraction are used.
Credentials
The skill requires the user's Cookidoo email and password, which is expected for an unofficial client that authenticates on behalf of the user. The skill suggests storing these in an env file in the user's home directory; that's functional but presents the usual risk of plaintext credentials on disk. There are no other unrelated credentials requested.
Persistence & Privilege
The skill does not request always:true or other elevated privileges. It reads a per-user config file in the home directory and does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it uses the unofficial cookidoo-api and requires your Cookidoo email and password to fetch recipes and shopping lists. Before installing:
1) Verify you trust the skill author (package.json author is 'thekie' and source/homepage is not provided).
2) Consider creating a dedicated Cookidoo account or changing your password after use, since the skill asks for your actual account password and suggests storing it in ~/.config/atlas/cookidoo.env (plaintext).
3) Review the cookidoo-api package on PyPI and its source to ensure it behaves as expected.
4) Note the registry metadata omitted the required env vars while SKILL.md and package.json list them — this is likely a packaging oversight but ask the author to correct it.
5) If you need stronger isolation, run the skill in a sandbox or container rather than on a host with sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.
