← 返回 Skills 市场
m3d3l

kitchen-control

作者 M3D3L · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
205
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install kitchen-control
功能描述
Manage freezer inventory via WhatsApp commands, track stock and expiration, log sales, generate schedules, adjust prices dynamically, and forecast demand usi...
使用说明 (SKILL.md)

Freezer Inventory Management Skill for OpenClaw

Overview

This skill manages freezer inventory in a convenience store via WhatsApp commands. It tracks inventory with expiration dates, logs sales, creates schedules for display, dynamically adjusts pricing based on cost and expiration, and uses an AI API for forecasting demand.

Features

  • Parse WhatsApp text commands: inventory input, sales updates, schedule requests
  • Integrate with PocketBase for persistent storage
  • Apply cost-aware dynamic pricing discounts
  • Call external AI API for sales forecasting and price recommendations
  • Provide WhatsApp-formatted response messages
  • Basic user role-based authorization

Usage

Deploy in OpenClaw runtime with environment variables configured for PocketBase and AI API. Connect your WhatsApp webhook to route messages to this skill.

Files

  • freezer_inventory_skill.js — main skill code

Installation

  1. Place the skill directory freezer_inventory_skill/ inside your OpenClaw skills folder.
  2. Configure environment variables:
    • POCKETBASE_URL, POCKETBASE_ADMIN_TOKEN for PocketBase access
    • AI_API_KEY, AI_API_URL for forecasting API
  3. Register and enable the skill in your OpenClaw instance.
  4. Route WhatsApp webhook messages to this skill.

Commands

  • inventory item1 qty1 item2 qty2 expiration YYYY-MM-DD
  • sold item qty
  • schedule

Notes

  • Extend integration with real WhatsApp API for message sending.
  • User authentication mapped by WhatsApp number.
  • Logging enabled for debugging.
安全使用建议
This skill largely does what it says (inventory/sold/schedule via PocketBase), but before installing: - Do not hand over a PocketBase admin token to this skill in production; ask the developer to use a scoped service account or API key with minimal privileges instead. Full admin tokens allow total control of your PocketBase data. - Confirm whether the AI forecasting feature will actually call an external API and where that data will be sent; the current code uses a stub but the README asks for an AI key — avoid providing keys until that behavior is explicit. - Request implementation of user authorization checks (role mapping by WhatsApp number) and server-side validation so arbitrary callers can't manipulate inventory. - Test the skill in an isolated environment with a local PocketBase instance and dummy credentials before connecting it to production WhatsApp/webhooks. If the developer cannot justify the admin token requirement or provide a least-privilege alternative, treat the skill as unsafe for production.
功能分析
Type: OpenClaw Skill Name: kitchen-control Version: 1.0.0 The skill contains a significant injection vulnerability in `freezer_inventory_skill.js` where user-provided input from WhatsApp commands is directly interpolated into PocketBase database filters (e.g., `filter: name = "${item.name}"`). Furthermore, the skill documentation in `SKILL.md` claims to provide role-based authorization, but the implementation lacks any actual identity verification, and the use of `POCKETBASE_ADMIN_TOKEN` for routine operations grants excessive privileges that could be exploited via the injection flaw.
能力评估
Purpose & Capability
Name/description (WhatsApp + inventory + forecasting) matches what the code implements for inventory, sales, and schedule using PocketBase. However, the skill asks for a POCKETBASE_ADMIN_TOKEN (full admin access) which is higher privilege than required for typical CRUD inventory operations — a scoped service account or API key would be more appropriate. The SKILL.md also advertises AI forecasting and role-based auth; the code contains only a stub for the AI call and does not enforce per-user authorization checks.
Instruction Scope
SKILL.md instructs routing WhatsApp webhooks, configuring PocketBase and AI env vars, and mentions role-based auth and logging. The runtime code parses WhatsApp text commands and reads the declared env vars, but it does not implement role checks or logging, and the AI forecasting is a stub (no external AI call). This gap between documentation and implementation is scope-incoherent and may mislead operators about what the skill actually does and what data is transmitted.
Install Mechanism
There is no install spec (instruction-only plus one JS file). Nothing is downloaded or written by an installer, which is lowest-risk from an install mechanism perspective.
Credentials
SKILL.md requests POCKETBASE_URL and POCKETBASE_ADMIN_TOKEN and AI_API_KEY/AI_API_URL. Requiring the admin token is disproportionate for ordinary inventory operations and gives full control of the PocketBase instance; the code uses that admin auth approach directly. The AI_API_KEY/URL are declared but the code uses a local stub instead of making calls — collecting a key that isn't used is suspicious and increases risk. No other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills' configuration. It only uses its own connections to PocketBase.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install kitchen-control
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /kitchen-control 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Freezer Inventory Management Skill 1.0.0 — Initial Release - Enables freezer inventory tracking and sales logging via WhatsApp commands. - Integrates with PocketBase for persistent inventory and user data storage. - Applies dynamic, cost-aware pricing discounts based on expiration dates. - Fetches sales forecasts and price recommendations using an external AI API. - Supports role-based authorization and WhatsApp-formatted response messages. - Easily deployable within OpenClaw with basic setup and environment variables.
元数据
Slug kitchen-control
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

kitchen-control 是什么?

Manage freezer inventory via WhatsApp commands, track stock and expiration, log sales, generate schedules, adjust prices dynamically, and forecast demand usi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 205 次。

如何安装 kitchen-control?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install kitchen-control」即可一键安装,无需额外配置。

kitchen-control 是免费的吗?

是的,kitchen-control 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

kitchen-control 支持哪些平台?

kitchen-control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 kitchen-control?

由 M3D3L(@m3d3l)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论