v1.0.0

Rappi

BenignClawScan verdict for this skill. Analyzed May 2, 2026, 10:05 PM.

Analysis

This appears to be a static informational profile about Rappi, with no code or credential use, though the capability signals mention wallet/purchase-related powers that are not reflected in the skill text.

GuidanceThis skill looks safe as a read-only informational profile. Before installing or using any later version, check whether it adds real Rappi account, payment, wallet, or credential integrations, because those would require closer review and clear user approval.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceMediumStatusNote

capability signals

- requires-wallet
- can-make-purchases
- requires-sensitive-credentials

These signals describe sensitive transactional or credential-related capabilities, but the only provided skill file is an informational profile and the registry declares no credentials or runtime requirements.

User impactA user may see sensitive capability labels that do not match the actual static content; there is no artifact evidence that the skill can actually make purchases or access credentials.

RecommendationTreat the skill as informational unless additional code or install artifacts are provided; verify any future version that requests wallet, purchase, or credential access.