ClawHub

mcdonalds-skill

Security checks across malware telemetry and agentic risk

Overview

This McDonalds MCP skill is mostly coherent, but it can use a live account token to create orders or change account data without clear built-in confirmation safeguards.

Install only if you intend to let an agent use your McDonalds MCP token. Review every tool name and JSON argument before running it, and require your own explicit confirmation for order creation, coupon binding, points redemption, or address changes. Treat terminal output and saved JSON reports as sensitive account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The listed tools include actions with real account and transactional side effects, such as binding coupons, creating delivery addresses, creating food orders, and redeeming mall points, but the skill provides no prominent warning that these may affect a real user account or incur financial/logistical consequences. In an agent setting, this can lead to unintended purchases, address creation, coupon redemption, or loyalty-point consumption if invoked without explicit, informed user consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI includes and prints server-derived raw_text/parsed content for initialize, tools/list, tools/call, and smoke-test results. If the MCP service returns sensitive business data, user data, session material, or echoed secrets, those values will be written to stdout and possibly logs or terminal history without redaction or a clear warning, creating an information disclosure risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal