Calorie Visualizer

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent local calorie-tracking skill, with expected privacy considerations around stored meal logs, USER.md profile data, and optional USDA lookups.

This skill looks reasonable for local calorie tracking. Before installing, decide whether you are comfortable with local health-related logs, profile-derived calorie goals from USER.md, optional USDA online food lookups, and the required Python/browser rendering dependencies.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your height, weight, age, and gender may be used locally to calculate a daily calorie target if present in USER.md.

Why it was flagged

The skill reads a persistent workspace profile file to derive calorie targets, which is purpose-aligned but involves personal health/profile data.

Skill content

USER_MD_PATH = os.getenv('CALORIE_VIS_USER_MD', os.path.join(WORKSPACE_DIR, 'USER.md'))

Recommendation

If you do not want profile-derived calorie targets, use the documented config option to set user_refused_profile or set a manual daily_goal.

What this means

Meal history and related photo paths remain on disk in the skill's local database.

Why it was flagged

The local database stores meal names, calorie/protein values, and optional photo paths, which are expected for the skill but are health-related persistent records.

Skill content

CREATE TABLE IF NOT EXISTS entries (... food_name TEXT, calories INTEGER, protein INTEGER, photo_path TEXT, ...)

Recommendation

Install only if you are comfortable keeping this health log locally, and delete calorie_data.db if you want to remove the stored history.

What this means

A food lookup that misses the local database can contact an external USDA service if you configured an API key.

Why it was flagged

When online fallback is enabled with USDA_API_KEY, queried food names and the API key are sent to the USDA API.

Skill content

url = f"https://api.nal.usda.gov/fdc/v1/foods/search?query={q}&pageSize=1&api_key={USDA_API_KEY}"

Recommendation

Use the --offline option for local-only lookups, and only set USDA_API_KEY if you accept USDA API requests for food searches.

What this means

If you provide a USDA API key, the skill can use it for nutrition lookups.

Why it was flagged

The skill can use an optional service credential for USDA lookups; this is disclosed and aligned with the food-database feature.

Skill content

Online fallback: optional USDA API (`USDA_API_KEY`)

Recommendation

Use a dedicated, low-privilege USDA API key if possible and avoid setting it if you want strictly local operation.

What this means

Installing the skill may require trusting PyPI packages and a local Chromium/Chrome renderer.

Why it was flagged

The skill depends on external Python packages and a local browser runtime for report rendering; this is expected for image generation but expands the trusted install surface.

Skill content

python3 -m pip install -r requirements.txt ... Python libs: `html2image`, `Pillow` ... Rendering: requires system Chromium/Chrome

Recommendation

Install dependencies from trusted environments and keep the browser/runtime patched.