Zepto

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The OpenClaw skill bundle is classified as benign. Its primary function is to automate grocery ordering on Zepto.com using browser automation, which is a powerful but necessary capability for its stated purpose. The skill is transparent about its actions, explicitly disclaims malicious behaviors (e.g., no automatic payments, no external data transmission beyond Zepto.com and WhatsApp, no credential storage, no persistent background jobs), and the code aligns with these statements. Instructions in `SKILL.md` guide the AI agent to follow safe operational procedures, such as always confirming the address and checking the cart, rather than attempting prompt injection for malicious ends. Local file storage for `order-history.json` is disclosed and used for a legitimate 'usuals' feature. While browser JavaScript execution (`browser act request='{"fn":"..."}'`) is a high-risk capability, the provided JavaScript is confined to Zepto.com DOM manipulation for the skill's intended functionality.