Skillv1.0.0

ClawScan security

麦当劳点餐 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 11, 2026, 4:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match a McDonald's MCP integration, but the registry metadata does not declare the required MCD_MCP_TOKEN credential and the token grants access to sensitive account actions (orders, addresses, coupons).
Guidance: This skill appears to be a straightforward MCP client, but before installing you should: 1) Confirm the registry metadata is corrected to declare MCD_MCP_TOKEN as a required credential (and ideally mark it as the primary credential). 2) Treat MCD_MCP_TOKEN as sensitive — it can access addresses, orders, coupons, and account info; only provide a token you control and understand its scope. 3) Verify the endpoints (open.mcd.cn and mcp.mcd.cn) are legitimate and that you obtained the token from the official developer console. 4) Inspect and run the included script locally if possible; monitor network traffic to ensure requests go only to the expected domain. 5) Revoke the token immediately if you suspect it was exposed. The main concrete issue is a metadata omission (missing required env var); that alone doesn't imply malicious intent but it should be fixed and treated cautiously.

Purpose & Capability: noteThe name, description, SKILL.md and the included Python script all consistently implement a McDonald's (MCP) API client for coupons, orders, addresses and points. The requested functionality (menu, coupons, create orders) aligns with the stated purpose.
Instruction Scope: okSKILL.md instructs the agent to use the provided script to call MCP endpoints over HTTPS and to set MCD_MCP_TOKEN. The runtime instructions are narrowly scoped to MCP operations and do not ask the agent to read unrelated files or contact unknown endpoints.
Install Mechanism: okThis is instruction-only with a small included helper script; there is no installer, downloaded archive, or external package fetch. Nothing is written to disk by an installer step beyond running the script itself.
Credentials: concernThe SKILL.md and script require an environment variable MCD_MCP_TOKEN for authorization, but the registry metadata lists no required env vars or primary credential. That mismatch is a concerning omission because the token grants access to sensitive account operations (addresses, orders, coupons).
Persistence & Privilege: okThe skill is not always-enabled and does not request persistent system-level privileges. It does not modify other skills or agent-wide configuration.