nihao
v1.0.0生成今日菜单推荐。根据用户手头的食材、口味偏好、人数和烹饪时间, 从内置食材库和菜谱库中智能匹配,输出完整的菜单方案和分步烹饪指南。 当用户提到"今天吃什么""做什么菜""菜单""菜谱推荐""晚饭吃啥"等意图时触发。
⭐ 0· 107·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe a daily menu generator and the code + reference files implement that purpose (recipes, ingredients, matching). Minor inconsistencies: the package name reported as "nihao" while SKILL.md uses name "daily-menu"; registry slug/owner metadata (self-improving-agen1) looks unrelated to a cooking skill. SKILL.md says the agent should read references/*.md; the Python script embeds RECIPES and ALIASES inline rather than reading those files — functional but slightly inconsistent. None of the required env vars, binaries, or config paths are excessive for a recipe generator.
Instruction Scope
Runtime instructions are narrowly scoped to collecting user food/context and producing menus, reading the bundled reference files, matching recipes, and formatting output. The SKILL.md explicitly limits actions to local data and conversational prompts; it does not instruct reading system configs, secrets, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only), and code files are bundled with the skill. There is no download-from-URL, package installation, or external installer to review.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code and docs operate on bundled data files; no secret access is requested or needed.
Persistence & Privilege
The skill is not marked always:true and does not request elevated presence. There are no instructions to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: generate menus from bundled recipes and ingredient lists and does not ask for secrets or network access. However: (1) the skill source/homepage is missing — if you will execute the included Python script, review the full file to confirm there are no hidden network calls or arbitrary shell executions (the displayed portion looks purely local and data-driven). (2) Metadata mismatches (skill name vs SKILL.md vs registry slug) are minor but worth noting as a signal the package may have been renamed or repurposed. If you plan to enable the agent to run this skill, run it in a sandboxed environment first and avoid giving any sensitive tokens or credentials. If you need higher assurance, request the full unobfuscated source or provenance information from the publisher before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9745hpnznsrsbb9k8b0qw8ewd835xha
License
MIT-0
Free to use, modify, and redistribute. No attribution required.