Roty Tiffin Skill
v0.1.0
Parse "Roty input" messages from authorized Telegram users to create Roty tiffin orders via HTTPS POST without UI automation.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose is to parse Telegram messages and create orders via HTTPS POST, which matches the dispatcher, parser, pricing, payload builder, and post_order scripts. However the repo also contains Playwright/vision automation templates (roty_order_automation.py, roty_playwright_dryrun.py) and embedded login credentials which are outside the claimed 'POST-only / no UI automation' purpose — this is an unexpected capability and a coherence problem.
Instruction Scope
SKILL.md mandates a single entrypoint (scripts/handle_message.py) and says explicitly 'DO NOT use Playwright or browser automation'. The dispatcher and helper scripts follow that model. But several included scripts implement browser automation, take screenshots, and even type credentials; these files are not referenced by the SKILL.md execution path but remain in the package and contradict the declared runtime restrictions. Documentation also conflicts internally: SKILL.md requires immediate POST (no dry-run prompt) while RULES.md states dry-run by default.
Install Mechanism
There is no install spec (instruction-only install), so nothing is downloaded or auto-installed by the manifest. That minimizes install-time risk. The only code is bundled in the skill archive; no external URLs or extraction steps are present.
Credentials
The skill declares no required environment variables, but the runtime uses DRY_RUN and OPENCLAW_CONTEXT environment variables (undocumented in requires.env). More importantly, several scripts contain hardcoded sensitive-looking values: a remote POST endpoint is hardcoded in SKILL.md and post_order.py, build_payload.py hardcodes userRef/vendorRef, and Playwright automation contains plaintext email/password and phone numbers. The embedded plaintext credentials and the external endpoint mean customer order data would be sent to an external host and that sensitive secrets are present in code — disproportionate given the stated safety rules.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It reads/writes only its own data files (e.g., data/allowed_users.json, products_roty.json). onboard_product allows bypass when OPENCLAW_CONTEXT is set (expected for platform-managed calls) but this is normal for admin-onboard flows.
Scan Findings in Context
[playwright-automation-present] unexpected: SKILL.md explicitly forbids Playwright/UI automation, but repository contains Playwright/vision automation templates (roty_order_automation.py, roty_playwright_dryrun.py). Presence is inconsistent with stated POST-only behaviour.
[embedded-plaintext-credentials] unexpected: roty_order_automation.py includes apparent plaintext credentials (email 'samwisethebot@gmail.com' and password 'Samwisethebot') and phone numbers that are not referenced in SKILL.md. Hardcoded credentials in code are a sensitive exposure and not justified by the SKILL.md.
[hardcoded-endpoint-and-refs] expected: post_order.py and SKILL.md both hardcode the target POST endpoint and build_payload.py hardcodes userRef/vendorRef. Having a hardcoded endpoint is expected for an integration, but you should verify ownership/trust of that endpoint before sending customer data.
[conflicting-dry-run-policy] unexpected: RULES.md claims dry-run-by-default and requires an explicit 'POST now' to send live orders; SKILL.md and handle_message.py default to live unless DRY_RUN=1. This inconsistency could cause accidental live orders.
[product-hardCodedPrice-in-registry] unexpected: data/products_roty.json includes a 'hardCodedPrice' field for a product even though SKILL.md / RULES.md instruct never to use hardCodedPrice; this is an internal consistency issue.
What to consider before installing
What to check before installing or enabling this skill:
1) Remove or isolate Playwright/automation files if you intend to enforce POST-only behavior. The SKILL.md forbids UI automation but the package includes Playwright templates and scripts that would perform browser actions and type credentials — delete or audit these files.
2) Verify the hardcoded POST endpoint and the provider who controls it. This skill will send parsed customer addresses, names, phone numbers, and order details to that URL. If you do not control or trust that endpoint, do not install or run it.
3) Treat embedded plaintext credentials as potential secrets: either confirm they are dummy/test values, or rotate any real credentials and remove them from code. Search the repo for any other hardcoded secrets.
4) Decide which dry-run policy you want and make it explicit: either set DRY_RUN=1 for testing or modify handle_message.py/RULES.md so both agree. Run many DRY_RUN tests with test messages to validate parser, pricing and payload shapes before allowing live posts.
5) Review allowed_users.json and onboarding behavior. onboard_product allows OpenClaw context to bypass admin checks; ensure only trusted processes can set OPENCLAW_CONTEXT. If you rely on human admin control, limit or remove openclaw bypass.
6) Consider a code cleanup: remove unused templates, strip credentials, and document which files are authoritative for runtime. After cleanup, re-run tests and only then enable the skill for autonomous invocation.
If you want higher confidence I can: (a) list every file that contains literals resembling credentials or endpoints, (b) show the exact payload shape the skill will POST for a sample message, or (c) suggest a minimal trimmed package that implements only the POST path with no automation templates.
Like a lobster shell, security has layers — review code before you run it.
latest
name: add-tiffin-order-roty-input
description: "POST-only: Parse 'Roty input' messages and create Roty orders via HTTPS POST (no Playwright/UI automation)."
Add Tiffin Order - Roty Input (POST-only)
Trigger
Run when an inbound message contains the exact phrase "Roty input" (case-insensitive).
Important
- DO NOT use Playwright, browser automation, screenshots, or vision clicks.
- This skill creates orders only by sending a JSON payload via HTTPS POST to:
https://newdailyorderandcartcreation-818352713629.australia-southeast1.run.app
Execution (MANDATORY)
When triggered, you MUST call the dispatcher script and use its output. Do NOT manually construct curl or JSON payloads.
Run: python3 /data/.openclaw/workspace/skills/add-tiffin-order-roty-input/scripts/handle_message.py <sender_id> "<full inbound message>"
Rules:
- Always POST using the dispatcher (unless it returns Missing address/dates/product).
- Never hardcode perProductCost (never "[15]").
- Never use hardCodedPrice for perProductCost.
- perProductCost MUST come from pricing_engine.py via handle_message.py.
Authorization (Telegram)
- Only allow Telegram users whose from.id is in data/allowed_users.json under admins or vendors.
- If unauthorized: reply "Not authorized."
Behavior
- Parse messy input into:
  - customerName
  - userAddress
  - deliveryDates (must resolve at least 1 date; otherwise ask a follow-up)
  - product selection + modifiers
  - specialRequests
- Build payload in the exact API shape (see build_payload.py).
- Send POST immediately (no "Dry-run vs Live" prompt), unless:
  - address missing, OR
  - no dates resolved, OR
  - product not matched
  In those cases, ask only for the missing piece.
- On success: confirm with cartNo.
Scripts
- Dispatcher: scripts/handle_message.py
- Parser: scripts/parse_roty_input.py
- Matcher: scripts/match_product_and_modifiers.py
- Pricing: scripts/pricing_engine.py
- Payload: scripts/build_payload.py
- POST sender (urllib): scripts/post_order.py
- Products registry: data/products_roty.json
- Allowlist: data/allowed_users.json
