中文

Plan2Meal

Medium
by okikeSolutions | Audited: 2026-02-26T09:59:20.936Z | Ruleset: 0.2.0

Quick Install

Add this skill to your agent

clawhub install plan2meal
GitHub ClawHub

About This Skill

Use Cases

Documentation (Original)

Source: README.md
The following is the author's original documentation (often English). For installation, follow “Quick Install” above.

Plan2Meal ClawdHub Skill

Manage recipes and grocery lists from your Plan2Meal app via chat.

Data routing disclosure

  • API target is CONVEX_URL.
  • Shared default backend is https://gallant-bass-875.convex.cloud.
  • Shared backend is blocked by default unless ALLOW_DEFAULT_BACKEND=true.

Quick Start

# Install via ClawdHub
clawdhub install plan2meal

# Configure environment
cp .env.example .env
# Set CONVEX_URL and OAuth credentials

Required baseline env:

  • CONVEX_URL
  • AUTH_GITHUB_ID, AUTH_GITHUB_SECRET, GITHUB_CALLBACK_URL
  • CLAWDBOT_URL

Optional providers:

  • Google: AUTH_GOOGLE_ID, AUTH_GOOGLE_SECRET, GOOGLE_CALLBACK_URL
  • Apple: AUTH_APPLE_ID, AUTH_APPLE_SECRET, APPLE_CALLBACK_URL

Commands

Recipes

  • plan2meal add <url> - Add recipe from URL
  • plan2meal list - List your recipes
  • plan2meal search <term> - Search recipes
  • plan2meal show <id> - View recipe details
  • plan2meal delete <id> - Delete recipe

Grocery Lists

  • plan2meal lists - List all grocery lists
  • plan2meal list-show <id> - View list with items
  • plan2meal list-create <name> - Create new list
  • plan2meal list-add <listId> <recipeId> - Add recipe to list

Help

  • plan2meal help - Show all commands

Setup

See SKILL.md for detailed setup instructions.

Security Audit

Medium

Summary

Deterministic scan complete. LLM disabled or not configured.

Risk Profile Toxicity Privacy Scope Reputation Quality
Open on GitHub Repo Root ClawHub Report / Appeal

ToxicSkills Analysis

Blocklist
Not matched
Prompt Injection
Not detected

Toxic Flags

credential-accessexfiltration

No Toxic signals detected by current static checks.

Key Risks 0 items

No LLM risk bullets (LLM disabled or not cached).

Deterministic Findings (Evidence)

Rule Severity File Snippet
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 20
const ALLOW_DEFAULT_BACKEND = process.env.ALLOW_DEFAULT_BACKEND === 'true';
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 23
convexUrl: process.env.CONVEX_URL || DEFAULT_CONVEX_URL,
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 24
githubClientId: process.env.AUTH_GITHUB_ID || process.env.GITHUB_CLIENT_ID || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 25
githubClientSecret: process.env.AUTH_GITHUB_SECRET || process.env.GITHUB_CLIENT_SECRET || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 26
githubCallbackUrl: process.env.GITHUB_CALLBACK_URL || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 27
googleClientId: process.env.AUTH_GOOGLE_ID || process.env.GOOGLE_CLIENT_ID || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 28
googleClientSecret: process.env.AUTH_GOOGLE_SECRET || process.env.GOOGLE_CLIENT_SECRET || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 29
googleCallbackUrl: process.env.GOOGLE_CALLBACK_URL || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 30
appleClientId: process.env.AUTH_APPLE_ID || process.env.APPLE_CLIENT_ID || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 31
appleClientSecret: process.env.AUTH_APPLE_SECRET || process.env.APPLE_CLIENT_SECRET || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 32
appleCallbackUrl: process.env.APPLE_CALLBACK_URL || '',
SENSITIVE_ENV medium skills/okikeSolutions/plan2meal/src/index.ts Line 33
clawdbotUrl: process.env.CLAWDBOT_URL || 'http://localhost:3010'
NET_HTTP_REQUEST medium skills/okikeSolutions/plan2meal/src/index.ts Line 249
const response = await axios.post(
NET_HTTP_REQUEST medium skills/okikeSolutions/plan2meal/src/index.ts Line 274
const response = await axios.post('https://oauth2.googleapis.com/token', params.toString(), {
NET_HTTP_REQUEST medium skills/okikeSolutions/plan2meal/src/index.ts Line 291
const response = await axios.post('https://appleid.apple.com/auth/token', params.toString(), {
NET_HTTP_REQUEST medium skills/okikeSolutions/plan2meal/src/index.ts Line 303
const r = await axios.get('https://api.github.com/user', {
QUALITY_README_PRESENT low README Line n/a
README detected

Scoring Criteria

Each skill is scored across 5 dimensions. The weighted total determines the star rating.

Code Toxicity 100/100 (weight 30%)
Privacy Risk 0/100 (weight 25%)
Permission Scope 80/100 (weight 20%)
Author Reputation 75/100 (weight 15%)
Code Quality 78/100 (weight 10%)

Star Rating Scale

5★ Safe — Score ≥ 80
4★ Good — Score 70–79
3★ Caution — Score 60–69
2★ Risky — Score 40–59
1★ Dangerous — Score < 40

Why This Score?

The following dimensions scored below 60, dragging the overall rating down:

  • Privacy Risk: 0/100

Explore More Skills

self-improving-agent Low
by pskoett
Weather High
by unknown
Proactive Agent Low
by halthelobster

VettedSkillsHub

We curate the top 100 most downloaded skills from ClawHub — the official ClawdBot (OpenClaw) marketplace — then run independent 5-dimension security audits. Transparent evidence, reproducible scores, 1-click install.

About

Best-effort static analysis. Scores are reproducible and evidence-based. Always review code and run in isolated environments for sensitive use.

© 2026 VettedSkillsHub. ClawdBot & OpenClaw are community projects.