Walmart
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: walmart Version: 1.0.1 The Walmart skill bundle is a well-structured set of instructions for managing grocery orders and household restocks. It includes comprehensive safety guardrails, explicitly prohibiting the collection of sensitive data like passwords, payment credentials, or medical information, and mandates explicit user confirmation for high-impact actions such as placing orders or pharmacy refills. The skill uses local file storage in `~/walmart/` for persistence and interacts only with legitimate Walmart domains (walmart.com, walmartapis.com) for its stated automation and planning purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If browser-assisted mode is enabled, mistakes could affect a real Walmart cart or order, though the skill instructs the agent to get confirmation before final changes.
Browser automation can modify a cart or ordering workflow, but the instructions frame this as user-mediated and confirmation-gated.
Good browser-automation tasks: add or remove items from a draft basket; set fulfillment mode to pickup, delivery, or shipping; ... require explicit confirmation before checkout or order mutation
Use planning-only mode unless you want browser assistance, keep the browser session visible, and confirm every checkout or order-change step yourself.
The agent may see account/order pages and help with actions tied to the user's Walmart account if the user enables that mode.
The skill may operate inside the user's Walmart account session for live ordering or support, including sensitive account-adjacent workflows, but it discloses this and requires confirmation.
For live ordering or account support: access to the user's Walmart site or app session ... For pharmacy-related tasks: explicit user confirmation before any refill or account change workflow
Do not share passwords, payment details, insurance information, or prescription identifiers in chat; log in directly through Walmart and approve only the specific account actions you want.
Local notes could reveal household shopping patterns, preferences, budget, allergies, or substitution rules and may affect future recommendations.
The skill maintains persistent local shopping context that can influence future baskets, while setting clear limits on what should be stored.
Store only approved local notes in ~/walmart/: store choice, pack size preferences, restock cadence, and substitution boundaries. Never store payment data, login secrets, insurance information, or detailed medical data.
Review the ~/walmart/ notes periodically, keep sensitive health/payment/account details out of them, and correct or delete outdated preferences.