Food Delivery

Security checks across malware telemetry and agentic risk

Overview

This food-delivery skill is purpose-aligned and transparent overall, but users should understand it can use logged-in delivery apps and keep local food/order history.

Use this skill only if you are comfortable letting an agent operate your logged-in delivery apps and place orders after your explicit confirmation. Review the cart, address, total, fees, tip, and ETA before approving checkout, and keep ~/food-delivery private; delete or edit those files if you do not want allergy, household, preference, or order-history details retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The skill explicitly stores preference, restriction, household, and order-history data in local files under ~/food-delivery/, but it does not provide a clear privacy notice, consent workflow, retention policy, or guidance on securing that data. While this is not inherently malicious, the stored data can reveal sensitive dietary restrictions, allergies, routines, and household information, which could be exposed to other local users, backups, or compromised processes.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly instructs consulting orders.md to repeat a prior order, but it does not require notifying the user that stored order history is being accessed or obtaining confirmation before using that personal history. This creates a privacy/transparency issue because behavioral preference data and purchase history may be used implicitly, which can surprise users and expose sensitive habits.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The group-order flow instructs the agent to check people.md for known members and their restrictions without clearly telling the current user that data about other people may be consulted. This is risky because it can disclose or rely on third-party personal data, including dietary or health-related restrictions, without transparency or permission from those individuals.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill directs the agent to update persistent files such as restaurants.md and orders.md after delivery, but it does not require notifying the user or obtaining consent for that data retention. In a food delivery context, these records can reveal behavioral patterns, preferences, order history, and potentially sensitive dietary or health-related information, creating a privacy risk if stored silently.
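The Overview asks users to keep ~/food-delivery private, and all four findings concern the files the skill retains there (people.md, orders.md, restaurants.md). The script below is an added example, not code from the skill or from SkillSpector: it audits that directory on a POSIX system, reports which retained files exist and which are readable by group or other, and can tighten permissions to 0700/0600. The three file names come from the findings; any further layout of the directory is an assumption, and the sample directory built by demo() is constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Files the findings say the skill maintains under ~/food-delivery/.
# Anything else the skill may store there is an assumption, so only
# these three names are audited.
RETAINED_FILES = ("people.md", "orders.md", "restaurants.md")
DEFAULT_ROOT = Path.home() / "food-delivery"

# Any group or other permission bit set means users besides the owner
# (or backup jobs and processes running as them) can read the data.
NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO


def audit_skill_dir(root: Path) -> dict:
    """Read-only check: which retained files exist, and which paths
    (directory or files) are accessible to anyone other than the owner."""
    report = {"missing_dir": not root.is_dir(), "present": [], "exposed": []}
    if report["missing_dir"]:
        return report
    if stat.S_IMODE(root.stat().st_mode) & NON_OWNER_BITS:
        report["exposed"].append(str(root))
    for name in RETAINED_FILES:
        path = root / name
        if path.is_file():
            report["present"].append(name)
            if stat.S_IMODE(path.stat().st_mode) & NON_OWNER_BITS:
                report["exposed"].append(name)
    return report


def harden_skill_dir(root: Path) -> dict:
    """Restrict the directory to 0700 and each retained file to 0600,
    then re-audit so the caller can confirm nothing remains exposed."""
    if root.is_dir():
        root.chmod(0o700)
        for name in RETAINED_FILES:
            path = root / name
            if path.is_file():
                path.chmod(0o600)
    return audit_skill_dir(root)


def demo() -> tuple:
    """Constructed sample: a food-delivery look-alike in a temp dir with a
    world-readable orders.md and a private people.md. Returns the audit
    before and after hardening."""
    root = Path(tempfile.mkdtemp()) / "food-delivery"
    root.mkdir()
    root.chmod(0o755)  # explicit chmod so the result does not depend on umask
    (root / "orders.md").write_text("# constructed sample order history\n")
    (root / "orders.md").chmod(0o644)  # readable by every local user
    (root / "people.md").write_text("# constructed sample household data\n")
    (root / "people.md").chmod(0o600)  # already owner-only
    before = audit_skill_dir(root)
    after = harden_skill_dir(root)
    return before, after


if __name__ == "__main__":
    # Audit the real directory without changing it; run harden_skill_dir
    # explicitly if the report shows exposed paths.
    print(audit_skill_dir(DEFAULT_ROOT))
```

Run it as-is to see what the skill has retained and whether other local accounts can read it; the hardening step is a separate call so the read-only audit can be run first. Deleting or editing the files, as the Overview suggests, is still the only way to remove data the skill has already recorded.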

VirusTotal

None of the 66 VirusTotal vendors flagged this skill; all 66 reported it clean.
