India Food Ordering - Swiggy, Zomato etc

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only food-ordering workflow that can help place real orders, but it clearly requires cart, address, and final user confirmation first.

Use this only with trusted food-ordering connectors. Before saying yes, verify the vendor, restaurant, items, total payable, full delivery address, ETA, payment method, and cancellation terms; avoid storing address aliases or order logs in shared contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 81%
Finding
The example trigger phrase "Place it quickly." is broad, conversational language that could be matched during ordinary user interaction without clearly signaling a bounded ordering workflow. In a high-impact skill that can place food orders, ambiguous invocation language increases the risk of unintended execution paths, especially if the system interprets urgency as authorization despite the documented confirmation guardrails.

Vague Triggers

Medium
Confidence: 76%
Finding
The example trigger phrase "Order to office." is ambiguous because it lacks the exact destination and could map to multiple saved addresses or inferred contexts. Although the example documents an address-disambiguation guardrail, the phrase itself is still unsafe as a trigger because it overlaps with common speech and may lead to misdelivery or accidental progression in an ordering flow if downstream checks fail or are inconsistently enforced.

VirusTotal

64/64 vendors flagged this skill as clean.
