Skill v1.0.0
ClawScan security
mcdonalds-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 6:28 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and README are coherent with a McDonald's MCP CLI, but the package metadata omits the token environment variable (MCDONALDS_MCP_TOKEN) that the script actually requires; that inconsistency is worth fixing and verifying before use.
- Guidance
- This skill appears to be a legitimate CLI client for McDonald's MCP (https://mcp.mcd.cn). Before installing or running it:
  1. Confirm you trust the upstream service and the token you will provide: the script sends Authorization: Bearer <token> to whichever URL is configured.
  2. Note that the registry metadata did not declare MCDONALDS_MCP_TOKEN even though the script reads it. Treat that as a metadata bug and verify you are comfortable supplying the token.
  3. Review the included script locally (it uses only the Python standard library) and consider running it in an isolated environment or sandbox if you are unsure.
  4. If you plan to set MCDONALDS_MCP_URL, ensure it points to the intended endpoint over https. The script talks to whatever URL you configure, and the bearer token goes with every request, so a wrong host or a plain http URL hands the credential to that host.
  If you want higher assurance, ask the publisher to update the package metadata to declare the required environment variables and to provide a homepage or source repository for provenance.
Review Dimensions
- Purpose & Capability
- ok: SKILL.md, the listed capabilities, and scripts/mcd_cli.py consistently implement a JSON-RPC client for https://mcp.mcd.cn (initialize, list-tools, call, smoke-test). The required network access and Authorization header are expected for this purpose.
- Instruction Scope
- ok: Runtime instructions are limited to contacting the MCP endpoint, listing/calling tools, and writing local JSON reports. The SKILL.md and the script only read environment variables (token, optional URL) and CLI arguments; they do not attempt to access unrelated system files or external endpoints beyond the configured MCP URL.
- Install Mechanism
- ok: No install spec or external downloads are included; the skill is instruction-only with a single pure-stdlib Python script. No archive downloads or third-party package installs were observed.
- Credentials
- note: The script expects an authorization token via MCDONALDS_MCP_TOKEN (and optionally MCDONALDS_MCP_URL / PYTHONIOENCODING), but the registry metadata lists no required environment variables or primary credential. This metadata omission is inconsistent and should be corrected. The token request itself is proportional to the stated functionality.
- Persistence & Privilege
- ok: The skill does not request permanent/always-on presence, does not modify other skills or global agent settings, and runs only when invoked. Autonomous invocation is allowed by default but is not combined with other high privileges here.
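As an added example, not part of the scan report and not code from the mcdonalds-skill package, the following Python script automates two of the pre-install checks the Guidance and the Credentials note ask for: it lists the environment variables a skill script actually reads (via `ast`, so no code is executed) and compares them with what the package metadata declares, and it validates an MCDONALDS_MCP_URL override before a bearer token is ever sent to it. The sample script text and metadata are constructed stand-ins for scripts/mcd_cli.py and the registry entry; the metadata field name `env` and the single-host allowlist (mcp.mcd.cn) are assumptions.

```python
import ast
import json
from urllib.parse import urlsplit

# Constructed stand-in for a skill script (NOT the real scripts/mcd_cli.py). It reads
# the same three environment variables the scan report mentions.
SAMPLE_SCRIPT = '''
import os
TOKEN = os.environ["MCDONALDS_MCP_TOKEN"]
URL = os.getenv("MCDONALDS_MCP_URL", "https://mcp.mcd.cn")
os.environ.setdefault("PYTHONIOENCODING", "utf-8")
'''

# Constructed stand-in for the registry metadata. The "env" key is an assumed field
# name for declared environment variables; it is empty to mirror the scan's finding.
SAMPLE_METADATA = '{"name": "mcdonalds-skill", "version": "1.0.0", "env": []}'

# Assumed allowlist: the only host the bearer token should ever be sent to.
EXPECTED_HOST = "mcp.mcd.cn"


def _is_os_environ(node):
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def env_vars_read_by(source):
    """Names a script reads through os.environ[...], os.environ.get(...),
    os.environ.setdefault(...) or os.getenv(...). Non-literal keys show up as '<dynamic>'."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        key = None
        if isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            key = node.slice
            if type(key).__name__ == "Index":  # Python < 3.9 wraps the index expression
                key = key.value
        elif isinstance(node, ast.Call) and node.args and isinstance(node.func, ast.Attribute):
            f = node.func
            if f.attr in ("get", "setdefault") and _is_os_environ(f.value):
                key = node.args[0]
            elif f.attr == "getenv" and isinstance(f.value, ast.Name) and f.value.id == "os":
                key = node.args[0]
        if key is None:
            continue
        if isinstance(key, ast.Constant) and isinstance(key.value, str):
            found.add(key.value)
        else:
            found.add("<dynamic>")  # cannot be checked statically; review by hand
    return found


def undeclared_env_vars(source, metadata_json):
    """Variables the script reads but the metadata does not declare (the scan's finding)."""
    declared = set(json.loads(metadata_json).get("env", []))
    return env_vars_read_by(source) - declared


def check_mcp_url(url, expected_host=EXPECTED_HOST):
    """Reasons an MCDONALDS_MCP_URL override is unsafe to pair with a bearer token.
    An empty list means the URL points at the expected host over TLS."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme %r is not https: the bearer token would travel in cleartext" % parts.scheme)
    if (parts.hostname or "") != expected_host:
        problems.append("host %r is not the expected endpoint %r" % (parts.hostname, expected_host))
    if parts.username or parts.password:
        # "https://mcp.mcd.cn@evil.example/" parses with host evil.example; flag the userinfo trick
        problems.append("URL embeds userinfo, which can make a foreign host look like the real one")
    return problems


def review(source, metadata_json, url):
    """Pre-install summary: what to ask the publisher to declare, and whether the URL is safe."""
    return {
        "undeclared_env": sorted(undeclared_env_vars(source, metadata_json)),
        "url_problems": check_mcp_url(url),
    }


if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_SCRIPT, SAMPLE_METADATA,
                            "https://mcp.mcd.cn@evil.example/"), indent=2))
```

Run it against the real scripts/mcd_cli.py and the registry's metadata by reading both files into `review()`; a non-empty `undeclared_env` is exactly the inconsistency the scanner flagged, and a non-empty `url_problems` means the override would send the token somewhere other than https://mcp.mcd.cn.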
