Order From Whole Foods
v1.0.8
Order groceries from Whole Foods using browser automation and a saved purchase policy
by Chad Newbry (@chadnewbry)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (ordering from Whole Foods) match the instruction content: it drives the Whole Foods storefront via the OpenClaw browser and relies on a small set of saved policy config keys. No unrelated credentials, binaries, or services are requested.
Instruction Scope
The SKILL.md instructs the agent to use the OpenClaw browser profile (default 'user'), to read/write configuration under ~/.openclaw-<profile>/openclaw.json, and to interact with the Amazon storefront via the browser tool. That scope is generally necessary for web automation, but it implies access to whatever is in the browser profile (cookies, logged-in sessions) and permission to merge config into the OpenClaw profile—actions you should be aware of before enabling the skill.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation perspective (nothing is downloaded or written by an installer).
Credentials
No environment variables or external credentials are requested, which is appropriate. However, the skill implicitly depends on the user's browser profile/session for authentication to Amazon and on any existing calendar integration for calendar events. Those implicit dependencies are proportional to the purpose but worth noting.
Persistence & Privilege
always:false (default) and autonomous invocation are normal. The notable risk here is behavioral: the skill supports an 'auto_buy' mode controlled by the user's config (max_auto_spend, confirm_before_buy, etc.) that can place orders without interactive confirmation when policy conditions are met. Ensure those config settings match your expectations before enabling autonomous runs.
Assessment
This skill appears to do what it says: automate shopping on the Whole Foods Amazon storefront via the OpenClaw browser. Before installing or enabling it, do the following: (1) Review and set the config keys (especially confirm_before_buy and max_auto_spend). If you do not want any automatic charges, set confirm_before_buy:true or purchase_mode:add_to_cart_only. (2) Be aware the skill uses your OpenClaw browser profile—it will use whatever accounts/cookies are present. If you prefer isolation, create/use a separate browser profile or log in manually in a controlled session. (3) If you don’t want calendar entries added, disable calendar_blocking_enabled or confirm calendar settings in your calendar integration. (4) The skill is instruction-only (no downloads), but it can modify your OpenClaw profile config when merged—only allow that if you trust the config changes. If you want greater assurance, ask the skill to only build the cart (review-first) rather than auto-complete purchases.
Like a lobster shell, security has layers — review code before you run it.
latest vk97c48j7msrmt597xhm31fzc2h83q08p
Runtime requirements
Config: skills.entries.order-from-whole-foods.config.max_auto_spend, skills.entries.order-from-whole-foods.config.purchase_mode, skills.entries.order-from-whole-foods.config.confirm_before_buy, skills.entries.order-from-whole-foods.config.preferred_delivery_window, skills.entries.order-from-whole-foods.config.calendar_blocking_enabled
