ClawHub

Wolt Orders

v1.0.0

Discover restaurants with advanced filters (cuisine, price, distance, rating, promotions), place single or group orders on Wolt.com, reorder past favorites, track status in real-time, automatically detect delays and contact support, and push rich updates to Slack or other channels.

2· 1.8k·1 current·1 all-time
by@dviros
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Wolt ordering, discovery, placing orders, tracking) aligns with the runtime instructions: it requires a browser-enabled tool, navigates wolt.com, scrapes menus/orders, and performs checkout/track/support actions — these capabilities legitimately need browser automation and session access.
!
Instruction Scope
The SKILL.md instructs the agent to collect user Wolt credentials, maintain persistent sessions via browser cookies/profiles, scrape account/orders, perform checkouts, and initiate support chats. Those behaviors are coherent for an ordering assistant, but they involve broad access to account data and payment flows. The document lacks detail about how session data is stored, protected, or limited, and while it requires explicit user confirmation before placing orders, the mechanism for enforcing that is unspecified.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk (nothing is downloaded or written by an install step).
!
Credentials
The skill requests that users supply Wolt credentials and to store session cookies/profile for persistent login. Those requests are functionally necessary but are high-sensitivity (credentials, payment access). The skill declares no environment variables or primary credential metadata and provides no guidance on secure storage, tokenization, or least-privilege practices.
Persistence & Privilege
always is false (good). The skill runs only when invoked, but autonomous model invocation is permitted by platform default. Combined with the requested persistent browser session and account credentials, this raises a non-trivial blast radius if the skill or agent misbehaves — however, the SKILL.md does instruct to ask explicit confirmation before placing orders.
What to consider before installing
Before installing or using this skill consider: (1) Source trust: there is no homepage or known publisher — prefer skills from known vendors. (2) Credentials: the skill asks for your Wolt login and to store session cookies; only supply credentials if you trust how sessions are stored and isolated. Ask the publisher how/where cookies/profiles are saved and whether they are encrypted and scoped per-skill. (3) Payment exposure: the skill may use saved payment methods on your Wolt account — test with a low-value order or a new/test account. (4) Confirmations & autonomy: verify in practice that the skill always prompts for explicit confirmation before checkout. (5) Notifications & channels: confirm what channel permissions (Slack scopes) are needed and be cautious about posting order details to shared channels. (6) Request more transparency: ask the author for code, a privacy/security statement explaining session storage and data retention, and an official homepage or contact. If you can't get clear answers, avoid entering real credentials or limit use to a disposable/test account.

Like a lobster shell, security has layers — review code before you run it.

latestvk975xvha598tjtkp8m7nk7p0sn7zz22w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🍔 Clawdis
Configbrowser.enabled

Comments