v1.0.0

Hellofresh

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

The skill appears purpose-aligned for HelloFresh, but it needs review because it uses logged-in browser/account access, can affect meal selections, stores sensitive subscription details, and includes real-looking personal tracking data in its artifacts.

Guidance: Review carefully before installing. Use a dedicated browser profile, avoid cloud mode unless needed, remove the real-looking tracking/contact data from the package, pin dependencies, and require explicit confirmation before any subscription, delivery, or meal-selection change.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
README.md
- **Meal Selection** — Change your weekly meal selection

Changing meal selections can mutate a paid subscription/order, but the artifacts do not describe explicit confirmation, limits, or rollback behavior for such changes.

User impact: An unintended or poorly reviewed action could change what is delivered or affect the user's subscription experience.
Recommendation: Require explicit user confirmation before any order, subscription, delivery, or meal-selection change, and show a clear preview of the change before applying it.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"dependencies": { "@onkernel/sdk": "^1.0.0", "playwright": "^1.40.0" }

The package uses external dependencies with caret version ranges, and the registry source/homepage are not provided.

User impact: Installing dependencies may pull newer package versions than those originally tested.
Recommendation: Pin dependency versions and publish a clear source repository or lockfile before relying on the package.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
**Browser:** Uses profile="chrome" (Chrome Extension Relay) or Kernel.sh cloud

Using the user's Chrome profile or a cloud browser can give the skill access to an authenticated HelloFresh session, while the registry declares no primary credential or capability tags.

User impact: The skill may act with the authority of the logged-in HelloFresh account and, in cloud mode, may involve a remote browser session.
Recommendation: Use a dedicated browser profile or explicitly scoped login, and ensure the skill metadata clearly declares browser/account access and any cloud-mode credential requirements.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
IMPLEMENTATION_NOTES.md
Current settings example: ... Additional: "APPT : 18 +1819..." ... URLs Tested ... subscriptionId=2704903 ... tracking.obibox.io/XPHFRE217...

The distributed notes include real-looking subscription IDs, tracking identifiers, and contact/delivery instructions, which exposes sensitive shipment/account context inside the skill package.

User impact: Private delivery or contact details could be exposed to anyone who inspects or processes the skill artifacts, and the presence of such data indicates weak handling of sensitive account information.
Recommendation: Remove all real account, tracking, address, and phone details from shipped artifacts; replace them with clearly fake examples before installation or publication.
Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
handler.ts
deliveryAddress: string; paymentMethod: string; ... fs.writeFileSync(tmpFile, JSON.stringify(session, null, 2));

The session model includes delivery and payment metadata and is written as local JSON under the user's home directory.

User impact: Local files may retain personal subscription, delivery, and payment-summary data beyond the current task and could be read by other local tools or agents.
Recommendation: Minimize stored fields, avoid storing payment-related data unless necessary, document retention, and provide a clear reset/delete path for all cached data.
Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
**Browser:** ... Kernel.sh cloud ... **Shipment Alerts:** ... Sends notifications via Telegram when enabled

The skill discloses optional external channels for browser execution and shipment notifications, but the artifacts do not detail provider data boundaries or retention.

User impact: If enabled, account pages or shipment status information may pass through Kernel.sh or Telegram as part of normal operation.
Recommendation: Enable cloud mode and Telegram alerts only if you are comfortable with those providers receiving the relevant browser/session or shipment-notification data.