← Back to Skills Marketplace
m3d3l

kitchen-control

by M3D3L · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
205
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install kitchen-control
Description
Manage freezer inventory via WhatsApp commands, track stock and expiration, log sales, generate schedules, adjust prices dynamically, and forecast demand usi...
README (SKILL.md)

Freezer Inventory Management Skill for OpenClaw

Overview

This skill manages freezer inventory in a convenience store via WhatsApp commands. It tracks inventory with expiration dates, logs sales, creates schedules for display, dynamically adjusts pricing based on cost and expiration, and uses an AI API for forecasting demand.

Features

  • Parse WhatsApp text commands: inventory input, sales updates, schedule requests
  • Integrate with PocketBase for persistent storage
  • Apply cost-aware dynamic pricing discounts
  • Call external AI API for sales forecasting and price recommendations
  • Provide WhatsApp-formatted response messages
  • Basic user role-based authorization

Usage

Deploy in OpenClaw runtime with environment variables configured for PocketBase and AI API. Connect your WhatsApp webhook to route messages to this skill.

Files

  • freezer_inventory_skill.js — main skill code

Installation

  1. Place the skill directory freezer_inventory_skill/ inside your OpenClaw skills folder.
  2. Configure environment variables:
    • POCKETBASE_URL, POCKETBASE_ADMIN_TOKEN for PocketBase access
    • AI_API_KEY, AI_API_URL for forecasting API
  3. Register and enable the skill in your OpenClaw instance.
  4. Route WhatsApp webhook messages to this skill.

Commands

  • inventory item1 qty1 item2 qty2 expiration YYYY-MM-DD
  • sold item qty
  • schedule

Notes

  • Extend integration with real WhatsApp API for message sending.
  • User authentication mapped by WhatsApp number.
  • Logging enabled for debugging.
Usage Guidance
This skill largely does what it says (inventory/sold/schedule via PocketBase), but before installing: - Do not hand over a PocketBase admin token to this skill in production; ask the developer to use a scoped service account or API key with minimal privileges instead. Full admin tokens allow total control of your PocketBase data. - Confirm whether the AI forecasting feature will actually call an external API and where that data will be sent; the current code uses a stub but the README asks for an AI key — avoid providing keys until that behavior is explicit. - Request implementation of user authorization checks (role mapping by WhatsApp number) and server-side validation so arbitrary callers can't manipulate inventory. - Test the skill in an isolated environment with a local PocketBase instance and dummy credentials before connecting it to production WhatsApp/webhooks. If the developer cannot justify the admin token requirement or provide a least-privilege alternative, treat the skill as unsafe for production.
Capability Analysis
Type: OpenClaw Skill Name: kitchen-control Version: 1.0.0 The skill contains a significant injection vulnerability in `freezer_inventory_skill.js` where user-provided input from WhatsApp commands is directly interpolated into PocketBase database filters (e.g., `filter: name = "${item.name}"`). Furthermore, the skill documentation in `SKILL.md` claims to provide role-based authorization, but the implementation lacks any actual identity verification, and the use of `POCKETBASE_ADMIN_TOKEN` for routine operations grants excessive privileges that could be exploited via the injection flaw.
Capability Assessment
Purpose & Capability
Name/description (WhatsApp + inventory + forecasting) matches what the code implements for inventory, sales, and schedule using PocketBase. However, the skill asks for a POCKETBASE_ADMIN_TOKEN (full admin access) which is higher privilege than required for typical CRUD inventory operations — a scoped service account or API key would be more appropriate. The SKILL.md also advertises AI forecasting and role-based auth; the code contains only a stub for the AI call and does not enforce per-user authorization checks.
Instruction Scope
SKILL.md instructs routing WhatsApp webhooks, configuring PocketBase and AI env vars, and mentions role-based auth and logging. The runtime code parses WhatsApp text commands and reads the declared env vars, but it does not implement role checks or logging, and the AI forecasting is a stub (no external AI call). This gap between documentation and implementation is scope-incoherent and may mislead operators about what the skill actually does and what data is transmitted.
Install Mechanism
There is no install spec (instruction-only plus one JS file). Nothing is downloaded or written by an installer, which is lowest-risk from an install mechanism perspective.
Credentials
SKILL.md requests POCKETBASE_URL and POCKETBASE_ADMIN_TOKEN and AI_API_KEY/AI_API_URL. Requiring the admin token is disproportionate for ordinary inventory operations and gives full control of the PocketBase instance; the code uses that admin auth approach directly. The AI_API_KEY/URL are declared but the code uses a local stub instead of making calls — collecting a key that isn't used is suspicious and increases risk. No other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills' configuration. It only uses its own connections to PocketBase.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kitchen-control
  3. After installation, invoke the skill by name or use /kitchen-control
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Freezer Inventory Management Skill 1.0.0 — Initial Release - Enables freezer inventory tracking and sales logging via WhatsApp commands. - Integrates with PocketBase for persistent inventory and user data storage. - Applies dynamic, cost-aware pricing discounts based on expiration dates. - Fetches sales forecasts and price recommendations using an external AI API. - Supports role-based authorization and WhatsApp-formatted response messages. - Easily deployable within OpenClaw with basic setup and environment variables.
Metadata
Slug kitchen-control
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is kitchen-control?

Manage freezer inventory via WhatsApp commands, track stock and expiration, log sales, generate schedules, adjust prices dynamically, and forecast demand usi... It is an AI Agent Skill for Claude Code / OpenClaw, with 205 downloads so far.

How do I install kitchen-control?

Run "/install kitchen-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is kitchen-control free?

Yes, kitchen-control is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does kitchen-control support?

kitchen-control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created kitchen-control?

It is built and maintained by M3D3L (@m3d3l); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments