Plan2Meal
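Medium risk
Author: okikeSolutions | Audit time: 2026-02-26T09:59:20.936Z | Ruleset: 0.2.0
Skill description
No official description available.
Use cases
Documentation (original)
Source: README.md. The following is the author's original text (usually in English). For installation, follow "Quick install" at the top of the page.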
Plan2Meal ClawdHub Skill
Manage recipes and grocery lists from your Plan2Meal app via chat.
Data routing disclosure
- API target is CONVEX_URL.
- Shared default backend is https://gallant-bass-875.convex.cloud.
- Shared backend is blocked by default unless ALLOW_DEFAULT_BACKEND=true.
Quick Start
# Install via ClawdHub
clawdhub install plan2meal
# Configure environment
cp .env.example .env
# Set CONVEX_URL and OAuth credentials
Required baseline env:
- CONVEX_URL
- AUTH_GITHUB_ID, AUTH_GITHUB_SECRET, GITHUB_CALLBACK_URL
- CLAWDBOT_URL
Optional providers:
- Google: AUTH_GOOGLE_ID, AUTH_GOOGLE_SECRET, GOOGLE_CALLBACK_URL
- Apple: AUTH_APPLE_ID, AUTH_APPLE_SECRET, APPLE_CALLBACK_URL
Commands
Recipes
- plan2meal add <url> - Add recipe from URL
- plan2meal list - List your recipes
- plan2meal search <term> - Search recipes
- plan2meal show <id> - View recipe details
- plan2meal delete <id> - Delete recipe
Grocery Lists
- plan2meal lists - List all grocery lists
- plan2meal list-show <id> - View list with items
- plan2meal list-create <name> - Create new list
- plan2meal list-add <listId> <recipeId> - Add recipe to list
Help
- plan2meal help - Show all commands
Setup
See SKILL.md for detailed setup instructions.
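Security audit
ToxicSkills analysis
Blocklist
No match
Prompt injection
Not detected
Toxic tags
credential-access, exfiltration
The current static analysis found no Toxic signals.
Key risks: 0 items
No LLM risk highlights available (LLM not enabled or no cache).
Deterministic findings (evidence)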
| Rule | Severity | File | Snippet |
|---|---|---|---|
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 20 | const ALLOW_DEFAULT_BACKEND = process.env.ALLOW_DEFAULT_BACKEND === 'true'; |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 23 | convexUrl: process.env.CONVEX_URL || DEFAULT_CONVEX_URL, |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 24 | githubClientId: process.env.AUTH_GITHUB_ID || process.env.GITHUB_CLIENT_ID || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 25 | githubClientSecret: process.env.AUTH_GITHUB_SECRET || process.env.GITHUB_CLIENT_SECRET || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 26 | githubCallbackUrl: process.env.GITHUB_CALLBACK_URL || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 27 | googleClientId: process.env.AUTH_GOOGLE_ID || process.env.GOOGLE_CLIENT_ID || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 28 | googleClientSecret: process.env.AUTH_GOOGLE_SECRET || process.env.GOOGLE_CLIENT_SECRET || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 29 | googleCallbackUrl: process.env.GOOGLE_CALLBACK_URL || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 30 | appleClientId: process.env.AUTH_APPLE_ID || process.env.APPLE_CLIENT_ID || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 31 | appleClientSecret: process.env.AUTH_APPLE_SECRET || process.env.APPLE_CLIENT_SECRET || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 32 | appleCallbackUrl: process.env.APPLE_CALLBACK_URL || '', |
| SENSITIVE_ENV | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 33 | clawdbotUrl: process.env.CLAWDBOT_URL || 'http://localhost:3010' |
| NET_HTTP_REQUEST | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 249 | const response = await axios.post( |
| NET_HTTP_REQUEST | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 274 | const response = await axios.post('https://oauth2.googleapis.com/token', params.toString(), { |
| NET_HTTP_REQUEST | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 291 | const response = await axios.post('https://appleid.apple.com/auth/token', params.toString(), { |
| NET_HTTP_REQUEST | Medium | skills/okikeSolutions/plan2meal/src/index.ts line 303 | const r = await axios.get('https://api.github.com/user', { |
| QUALITY_README_PRESENT | Low | README line: none | README detected |
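Scoring criteria
Each skill is scored on 5 dimensions; the weighted total score determines the star rating.
Code toxicity 100/100 (weight 30%)
Privacy risk 0/100 (weight 25%)
Permission scope 80/100 (weight 20%)
Author reputation 75/100 (weight 15%)
Code quality 78/100 (weight 10%)
Star rating key
5★ Safe: total score ≥ 80
4★ Good: total score 70–79
3★ Caution: total score 60–69
2★ Risky: total score 40–59
1★ Dangerous: total score < 40
Why this rating?
The following dimensions scored below 60, lowering the overall rating:
- Privacy risk: 0/100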