Pizza Agent (LAUNCH SPECIAL - 4.99)
ReviewAudited by ClawScan on May 8, 2026.
Overview
This looks like a coherent pizza-ordering instruction skill, but real use should carefully scope Google Sheets access and protect customer phone, address, and order data.
This skill does not show malicious code or hidden execution in the provided artifacts. Before installing it for a real shop, confirm exactly which Google Sheet it can access, how customer phone/address data is stored and deleted, and whether a human or explicit customer confirmation is required before an order is finalized.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or incomplete order could be sent to the kitchen or blocked by the agent unless confirmation controls are added.
The skill contemplates finalizing real pizza orders. That is purpose-aligned, but it affects customers and the restaurant if the deployed agent treats phone capture as sufficient approval.
**Mandatory Phone Log:** Never finalize an order without capturing a valid callback number.
Require a customer read-back and confirmation before finalization, and consider a human or POS approval step for production use.
If configured broadly, the agent could receive more Google Sheets access than it needs.
Google Sheets integration normally requires account credentials or delegated permissions, but the provided metadata does not describe credential scope.
- Integrates with Google Sheets for Menu and Order Logging.
Use a dedicated sheet or service account with read access only for menus and tightly scoped write access only for the order log.
Customer contact and location information may be stored in a shared spreadsheet or reused as agent context.
Delivery addresses and callback numbers are customer personal data, and the skill also says orders are logged to Google Sheets.
- Validates delivery addresses against a defined radius/zone. ... **Mandatory Phone Log:** Never finalize an order without capturing a valid callback number.
Define a retention policy, restrict spreadsheet sharing, avoid storing unnecessary personal data, and treat menu/order sheet content as untrusted input unless controlled.
The claimed delivery-zone and customization safeguards depend on configuration that was not available for review.
The skill references a ThumbGate configuration, but no corresponding config file, schema, or helper code is included in the provided artifacts.
Set your delivery radius in the ThumbGate config.
Verify the actual ThumbGate configuration and test the blocking rules before using the skill for live orders.