order
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent demo Android ordering/cart control skill with disclosed cart mutation and submit actions, but no evidence of hidden code, credentials, payments, persistence, or data exfiltration.
This appears safe for its stated demo purpose. Before installing, understand that it lets the agent modify a cart and submit a demo order on the paired Android device; ask the agent to read back the cart and total before submission.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change the demo cart or submit the current demo order if asked or if it decides the command is appropriate.
The skill exposes commands that mutate the cart and submit an order, which is expected for an ordering skill but still user-impacting enough that users should be aware.
`order.clearGoods` | Clear cart. | `order.submitOrder` | Submit cart as order; returns summary (demo only).
Use this skill for demo ordering only, and confirm cart contents and total before allowing submission.