How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for 'legacy compatibility' two months later.
Looks like it can be flashed with ESPHome.
Or a zigbee feeder is another option.