← Back to Skills Marketplace

eleme-food-recommend

Name: eleme-food-recommend
Author: du425

by Du425 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

285

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install eleme-food-recommend

Description

饿了么外卖推荐技能，根据用户饭点和口味偏好推荐附近外卖

README (SKILL.md)

饿了么外卖推荐 Skill

根据用户的饭点设置和口味偏好，在饭点前推荐附近外卖店铺的菜品。

功能

设置用户饭点（早餐、午餐、晚餐时间）
设置口味偏好（清淡、重口、微辣、中辣等）
设置每日推荐菜品数量
根据定位获取附近外卖店
智能推荐符合口味的菜品

使用

# 设置用户信息（cookie、饭点、口味、数量）
python main.py set-config --cookie "your_eleme_cookie" --breakfast "07:30" --lunch "11:30" --dinner "18:30" --flavor "清淡" --count 3

# 获取今日推荐
python main.py recommend

# 查看当前配置
python main.py show-config

Usage Guidance

This skill appears to do what it claims, but exercise caution before installing or providing secrets. Specific recommendations: - The skill requires you to paste your Ele.me browser session cookie; that cookie grants account access. Only use cookies from accounts you control and avoid pasting them on shared or untrusted machines. - The cookie is stored in plaintext at ~/.openclaw/skills/eleme-food-recommend/config.json. Consider restricting file permissions (chmod 600) or removing the cookie from disk after use. - The eleme_api module disables SSL verification (ssl.verify_mode = CERT_NONE and check_hostname = False). This weakens TLS and makes requests vulnerable to man-in-the-middle interception of your cookie. If you plan to use this, edit create_ssl_context() to use the default, secure SSL context. - Inspect and run the code locally rather than running unknown binaries. Because this is pure Python making HTTP requests, review or modify it to use more secure storage or to accept a short-lived token rather than a full session cookie. - If you want stronger assurance, ask the author for an explanation why SSL verification is disabled and for an option to store credentials encrypted or to use an OAuth/app token instead of a browser cookie.

Capability Analysis

Type: OpenClaw Skill Name: eleme-food-recommend Version: 1.0.0 The skill bundle contains a significant security vulnerability in scripts/eleme_api.py, where SSL certificate verification is explicitly disabled (ssl.CERT_NONE), making the connection susceptible to Man-in-the-Middle (MitM) attacks. Additionally, the skill requires users to input sensitive session cookies, which are stored in plaintext in a local configuration file (~/.openclaw/skills/eleme-food-recommend/config.json). While these are high-risk practices, there is no clear evidence of intentional malice or data exfiltration to unauthorized third-party domains.

Capability Assessment

✓ Purpose & Capability

Name/description match the code: the skill asks the user for an Ele.me cookie and location, stores settings, calls Ele.me endpoints to list restaurants and menus, and filters foods by flavor. No unrelated credentials, binaries, or external services are requested.

ℹ Instruction Scope

SKILL.md and README instruct the user to supply their Ele.me cookie (via CLI or copy from browser). The skill reads/writes a config.json in ~/.openclaw/skills/eleme-food-recommend; that storage of a full session cookie is expected for this functionality but is sensitive. The runtime instructions do not attempt to read other system files or environment variables.

✓ Install Mechanism

No install/download steps are present (instruction-only metadata). The repository includes Python scripts that run locally; nothing is downloaded from untrusted URLs or installed automatically.

ℹ Credentials

The skill does not request environment variables or external credentials, but it does require the user to provide their Ele.me session cookie. Storing that cookie in a plaintext JSON file in the user's home directory is proportionate to the feature but carries privacy risk: the cookie grants access to the user's Ele.me account and should be treated as a secret.

✓ Persistence & Privilege

always is false and the skill does not modify other skills or system-wide configs. It persists only its own config under ~/.openclaw/skills/eleme-food-recommend, which is expected for a user-facing CLI utility.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install eleme-food-recommend
After installation, invoke the skill by name or use /eleme-food-recommend
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

first publish

Metadata

Slug eleme-food-recommend

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is eleme-food-recommend?

饿了么外卖推荐技能，根据用户饭点和口味偏好推荐附近外卖. It is an AI Agent Skill for Claude Code / OpenClaw, with 285 downloads so far.

How do I install eleme-food-recommend?

Run "/install eleme-food-recommend" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is eleme-food-recommend free?

Yes, eleme-food-recommend is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does eleme-food-recommend support?

eleme-food-recommend is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created eleme-food-recommend?

It is built and maintained by Du425 (@du425); the current version is v1.0.0.

More Skills