Food Delivery
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: food-delivery Version: 1.0.0 The OpenClaw AgentSkills skill bundle is designed for food delivery automation, storing user preferences and order history locally in `~/food-delivery/` markdown files. It explicitly states that it does NOT store sensitive information like account credentials, payment details, or exact addresses. While it uses browser automation to place orders, the instructions clearly define its scope to legitimate food delivery platforms, require explicit user confirmation before placing an order, and do not contain any directives for data exfiltration, malicious execution, persistence, or prompt injection beyond its stated purpose. The `mkdir -p` command for setup is a benign operation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is given control of the browser, it may place a paid food order once you confirm.
The skill authorizes browser automation to complete a real checkout, but it also explicitly gates that action on user confirmation.
Only after explicit "yes" / "confirm" / "order it": - Complete checkout
Before confirming, review the restaurant, items, delivery address, total cost, fees, tip, and ETA.
The agent may operate within your logged-in delivery accounts and interact with saved address and payment settings.
The skill relies on existing delivery-account sessions and stored payment/address details, which is expected for ordering but is sensitive account authority.
User provides: - Delivery app credentials (stored in their browser/app) - Delivery address (configured in their apps) - Payment methods (configured in their apps)
Use only with delivery accounts you intend the agent to access, and keep final checkout approval enabled.
Personal food, allergy, household, and order-history details may persist locally and influence future recommendations.
The skill maintains persistent local memory that can include allergies, dietary restrictions, food preferences, restaurants, orders, and household members.
All learned data stored in `~/food-delivery/` files.
Review the ~/food-delivery/ files periodically, remove stale or sensitive entries, and keep the directory private.
The agent could bring up food deals or reorders outside a direct ordering request.
The skill includes agent-initiated food suggestions and reminders. This is related to the stated purpose, but users should decide whether they want proactive prompts.
Proactive Suggestions ... Notify of flash sales on favorite restaurants ... Remind of unused loyalty points
Set clear preferences for whether proactive food suggestions are allowed, and disable them if they become distracting.