Wolt Orders

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Wolt food-ordering skill, but it can operate a logged-in account, place real orders after confirmation, and share order updates to connected channels.

Install only if you are comfortable letting the agent use a logged-in Wolt browser session. Before confirming anything, check the restaurant, items, quantities, address, total, payment method, support message, and exact notification channel; avoid broad or public channels for order updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The example invocations are written as common, everyday requests such as 'Order pizza from Domino's for me' and 'Track my last Wolt order,' which are plausible natural-language utterances outside an explicit skill-selection flow. In systems that route skills by semantic matching, this can cause accidental invocation of a high-impact transactional skill that can access account history, initiate support chats, and progress toward food ordering actions, increasing the risk of unintended side effects.

Missing User Warnings

Medium
Confidence: 93%
Finding
The description advertises proactive notifications to Slack or other channels, including order confirmations, tracking updates, delay alerts, and support summaries, but does not clearly warn that this may disclose personal order metadata to third-party destinations. Because this skill handles delivery addresses, restaurant choices, timing, and support interactions, silent or poorly explained external sharing creates a meaningful privacy and data-leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.
