ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chefpad

v2.0.1

Manage recipes and grocery lists with ingredient tracking and meal plans. Use when adding recipes, searching by ingredient, or building shopping lists.

0· 268·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (recipe manager, grocery lists, meal plans) match the included shell script and README: commands implement add, ingredient, step, list, show, search, rate, random, suggest. Required tools (bash, python3) are appropriate and proportionate.
Instruction Scope
SKILL.md instructions and the script operate only on local files in $HOME/.chefpad and stdout. There are no instructions to read unrelated system paths, access network endpoints, or exfiltrate data. The behavior described in SKILL.md (no external APIs, local JSON storage) aligns with the script.
Install Mechanism
No install spec is provided (instruction-only); the package includes a shell script. Nothing is downloaded or extracted at install time. Low install-surface risk.
Credentials
The skill requests no environment variables or credentials. It writes only to ~/.chefpad/recipes.json and favorites.json. Using $HOME for storage is expected for a local CLI tool.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills or system-wide agent settings. Its runtime footprint is limited to creating and updating files under the user's home directory.
Assessment
This skill appears to be a straightforward, local-only recipe manager. Before installing or running the script, inspect the scripts/script.sh file (already included) and consider: it will create ~/.chefpad/recipes.json and favorites.json and update them in place, so back up any existing ~/.chefpad directory first. There are minor metadata inconsistencies (SKILL.md uses 'cooking-recipe' in header and _meta.json ownerId differs from registry ownerId) that look like packaging oversights — not malicious, but verify you trust the GitHub source before use. If you plan to add this as a system-wide CLI, place the script in a location you control and review file permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk974hwqhjcq8t0madg12sf1bgn834xd9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments