v1.0.0

Wolt Orders

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

The skill is coherent and purpose-aligned, but it handles Wolt login/session, saved payment checkout, live order monitoring, and optional Slack/channel updates for real orders.

Guidance: This skill does not show artifact-backed malicious behavior. Install/use it only if you are comfortable letting the agent operate a logged-in Wolt browser session, and always review the cart, address, total, payment method, support messages, and notification channel before approving actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Confirm delivery address, payment method (use saved if available). ... Require explicit user confirmation ("yes/confirm/place it"). Place order.

The skill can use the browser to complete paid checkout with a saved payment method, but the instructions explicitly require user confirmation before placing an order.

User impact: A mistaken confirmation could result in a real paid food order being placed.
Recommendation: Before confirming, verify restaurant, items, quantities, address, total price, fees, ETA, and payment method.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Support live polling ("watch mode") in ongoing conversation.

The skill can continue monitoring an order during a conversation. This is disclosed and purpose-aligned, but users should bound how long monitoring and notifications continue.

User impact: The agent may keep checking order status and sending updates while watch mode is active.
Recommendation: Use watch mode only for a specific active order and tell the agent when to stop monitoring.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
User must provide Wolt credentials on first use (email/phone + password or OTP flow). Store session securely via browser cookies/profile.

The skill is expected to log into Wolt, but it will handle account credentials/session cookies, which is sensitive delegated account access.

User impact: The agent may operate inside the user's Wolt account using a persistent logged-in browser session.
Recommendation: Use a trusted browser profile, confirm the Wolt account before ordering, and sign out or revoke the session if you no longer want the skill to have access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Retrieve and share the group order link via channel_send (e.g., Slack thread). ... Push delay alerts and support updates to channel.

The skill may send order links, tracking details, and support updates to Slack or other connected channels, which can expose order information to channel members.

User impact: People in the selected channel may see food order details, tracking links, support messages, or other personal delivery information.
Recommendation: Specify the exact channel for notifications and avoid sending order or tracking links to broad or public channels.