Skill v1.1.0

ClawScan security

Foodpanda.ph Ordering · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 2:30 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (ordering via a CLI) but there are coherence issues (undeclared prerequisites, an unverified npm install, and an automatic browser-login/token capture) that merit caution.
Guidance
This skill appears to be what it claims (a foodpanda CLI workflow), but exercise caution before installing and running it:

- The SKILL.md requires Node.js/npm and tells you to run 'npm install -g foodpanda-cli', yet the registry metadata did not declare these prerequisites — that's an inconsistency to be aware of.
- Installing an unverified npm package globally can run arbitrary code on your machine. Look up 'foodpanda-cli' on the npm registry and verify the package owner, homepage, repository, and recent activity before installing. Prefer packages with a public repo and clear maintainer identity.
- The tool opens a browser for login and 'captures the session token automatically.' Confirm where the token is stored (local file/OS keyring) and that you trust the package to handle credentials safely.
- Because there is no homepage/source in the skill metadata, try to find the package on npmjs.com or GitHub. If you cannot verify the publisher or source code, consider running it in a sandboxed environment or avoid installing it.
- Always follow the skill's own rule: require explicit user confirmation before running the final 'order' command to avoid accidental purchases.

If you can verify the npm package and its repository, the risk is lower. If you cannot verify it, treat this skill as untrusted and avoid installing globally on a primary machine.

Review Dimensions

Purpose & Capability
concern: The SKILL.md clearly documents a foodpanda-cli workflow and all commands align with the described purpose. However, the registry metadata lists no required binaries while the SKILL.md explicitly requires Node.js 18+ and npm and instructs the user to run 'npm install -g foodpanda-cli' — a mismatch between declared requirements and the actual instructions.

Instruction Scope
note: Instructions stay within ordering-related tasks (location, search, menu, cart, preview, order). They also instruct to open a browser for login and state 'The session token is captured automatically.' Capturing session tokens is expected for CLI OAuth flows, but it is sensitive behavior and should be explicitly validated by the user (verify how/where the token is stored and that the package is trustworthy).

Install Mechanism
concern: There is no formal install spec in the skill bundle; instead the SKILL.md tells the user to run 'npm install -g foodpanda-cli'. Installing an npm package globally can execute arbitrary code on the host. This is a standard distribution method, but the package source (no homepage or repo listed in the skill metadata) is unverified, increasing risk.

Credentials
ok: The skill does not request environment variables, credentials, or config paths beyond normal CLI use. No excessive or unrelated secrets are declared.

Persistence & Privilege
ok: The skill is instruction-only, has always:false, and does not request persistent platform privileges. It does require local execution (Node/npm and a global install) but, according to the provided metadata, does not modify other skills or system-wide agent settings.