Back to skill

Security audit

Clawdbot Skill Cookidoo

Security checks across malware telemetry and agentic risk

Overview

This Cookidoo skill appears to be a normal account-connected recipe and shopping-list helper, with credential and write-access risks users should understand.

Install only if you are comfortable giving the skill access to your Cookidoo account. Prefer environment variables or a secure secrets store over a plaintext config file, and review any command that changes shopping lists or meal plans before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires access to environment variables and local config files for credentials, but it does not declare those capabilities explicitly. This weakens user visibility and consent around sensitive data access, especially because the skill handles account email and password for a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented purpose emphasizes recipes, shopping lists, and meal planning, but the listed commands also expose account information through an `info` command. Even if limited to email and country, undisclosed access to account data creates a trust gap and can lead users to authorize broader data exposure than they intended.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill description does not clearly warn that some operations may modify shopping-list or meal-planning data, which are state-changing actions in a user account. Without explicit disclosure, a user may invoke the skill expecting read-only behavior and unintentionally alter personal planning data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill silently sources credentials from environment variables and a local plaintext config file without any explicit disclosure to the user at runtime or in the observed code. While credential access is expected for this integration, undisclosed secret collection reduces transparency and can surprise users in agent environments where skills may run with broader ambient access.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The code performs a network login and begins retrieving account data immediately after parsing arguments, without an explicit warning or consent step in the script. In an agent-skill context, automatic authenticated network actions can expose account metadata or trigger unintended access using ambient credentials.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.