elm
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly transparent and consent-gated, but its listing-level description understates that it can use a logged-in Ele.me account and add items to your cart.
Only install or use this if you are comfortable letting the agent work inside your logged-in Ele.me session to prepare a cart. Do not provide passwords or verification codes, and always review the address, items, discounts, fees, total, and merchant before paying.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install or invoke it expecting advice only, then discover it can operate inside their logged-in Ele.me account.
This user-facing description suggests public-information analysis, while the provided SKILL.md and README describe using an authenticated Ele.me session, reading account-visible data, and adding items to cart.
Description: Help users make better Eleme ordering decisions from public merchant and promotion information.
Update the registry/listing description and capability metadata to clearly state authenticated-session use, saved address/coupon/cart access, add-to-cart behavior, and the no-payment boundary.
The agent may see account-specific addresses, coupons, red packets, and cart details while helping prepare an order.
The skill uses a user's authenticated Ele.me account context and personal delivery/account data. This is purpose-aligned for ordering assistance and is consent-gated, but users should notice the privilege involved.
It may access the user's Ele.me account, saved addresses, account-visible coupons or red packets, and cart state only after explicit user consent
Use it only when you intend to let the agent work in your Ele.me session; do not share login secrets, and confirm the selected address and account context.
Your cart may be changed, although the skill says you must still review and pay yourself.
Adding items to cart mutates account state, but the instructions require explicit consent and stop before payment or irreversible order submission.
With explicit consent, add the chosen items to cart and select the best visible discount path. Stop at cart or pre-payment review.
Review the cart, merchant, items, delivery address, discounts, fees, and total before paying.