← Back to Skills Marketplace
Mealplan
by
bytesagain1
· GitHub ↗
· v3.0.0
· MIT-0
340
Downloads
0
Stars
2
Active Installs
8
Versions
Install in OpenClaw
/install mealplan
Description
Plan meals with calorie tracking and shopping lists. Use when organizing weekly meals.
Usage Guidance
This skill appears coherent and local-only, but review and consider these practical points before installing: (1) it stores all data under ~/.local/share/mealplan — sensitive meal notes will be stored in plain files; (2) the shell script builds JSON by echoing raw user input without escaping and uses unquoted variables in places (grep and data writes), which can cause malformed records or unexpected behavior if you pass unusual characters — this is a robustness/data-integrity issue, not evidence of exfiltration; (3) if you want extra safety, inspect or run the script in a sandbox, or modify it to properly escape/quote inputs and validate arguments before use.
Capability Analysis
Type: OpenClaw Skill
Name: mealplan
Version: 3.0.0
The script `scripts/script.sh` contains a shell injection vulnerability in the `cmd_add` function, where user-provided arguments are concatenated into an `echo` command without proper quoting or sanitization. While the skill's functionality is consistent with its stated purpose of meal planning, this flaw allows for arbitrary command execution if the agent passes maliciously crafted input to the script.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the bundled script are consistent: all commands (add, list, plan, nutrition, shopping, random) map to script functions. The data directory documented in SKILL.md matches the script's DATA_DIR.
Instruction Scope
SKILL.md instructs the agent to invoke the included script with simple command-line arguments. The runtime instructions do not request or read unrelated files, environment variables, or external endpoints beyond the local data directory.
Install Mechanism
There is no install spec; the skill is instruction-only with a single bundled script. Nothing is downloaded or extracted during install.
Credentials
The skill requires no environment variables, credentials, or config paths. The script only uses $HOME and standard utilities (date, grep, echo) which is proportional to its purpose.
Persistence & Privilege
The skill is not force-included (always: false) and does not modify other skills or system-wide configs. It stores user data in a single user-local directory (~/.local/share/mealplan), which is expected for this kind of tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mealplan - After installation, invoke the skill by name or use
/mealplan - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
v3.0.0: Complete rewrite.
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v1.0.4
old template -> domain-specific v2.0.0
v1.0.3
old template -> domain-specific v2.0.0
v1.0.2
Quality upgrade
v1.0.1
Quality upgrade: custom functionality
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Mealplan?
Plan meals with calorie tracking and shopping lists. Use when organizing weekly meals. It is an AI Agent Skill for Claude Code / OpenClaw, with 340 downloads so far.
How do I install Mealplan?
Run "/install mealplan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mealplan free?
Yes, Mealplan is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Mealplan support?
Mealplan is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mealplan?
It is built and maintained by bytesagain1 (@bytesagain1); the current version is v3.0.0.
More Skills