McDonald's Ordering (麦当劳点餐)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it gives an agent live McDonald's account powers without enough built-in confirmation or privacy guardrails.

Install only if you are comfortable giving the agent access to a live McDonald's China account token. Before using it, require the assistant to show the exact items, address, store, price, fees, coupons, and points impact, and approve each order, redemption, address change, or bulk coupon claim explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents use of both environment variables and outbound network access to a live McDonald's MCP endpoint, but it does not declare permissions or make those capabilities explicit to the user/runtime. That mismatch can undermine least-privilege controls and informed consent, especially because the skill can access account-linked data and perform actions against a real service.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text includes broad consumer terms such as '麦当劳', 'McDonald's', and related brand phrases that are likely to appear in ordinary conversation, which can cause unintended activation. Because this skill can query account data, claim coupons, and initiate ordering flows, accidental invocation increases the risk of privacy exposure or unintended transactional actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes workflows for auto-claiming coupons, querying account information and delivery addresses, and creating food or points-mall orders, but it does not warn users that these are account-affecting and potentially irreversible actions. In this context, the absence of explicit warnings and approval gates is dangerous because the skill interfaces with a real authenticated consumer account and can expose personal data or spend value.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation exposes account-mutating operations like creating delivery addresses, creating food delivery orders, and redeeming points orders without any warning that they trigger real-world actions and may spend money, consume points, or alter saved account data. In an agent setting, this increases the risk that an LLM or user invokes these tools without explicit confirmation, causing unauthorized purchases or persistent account changes.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documented auto-bind-coupons operation changes the user's coupon wallet by automatically claiming all available coupons, but the reference does not warn that this mutates account state. While lower impact than order creation, silent account changes can still violate user intent, create confusion, and train an agent to perform write actions without consent.

VirusTotal

65/65 vendors flagged this skill as clean.
