MT-Paotui-For-Client
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Meituan delivery-ordering purpose, but it uses opaque executable code with account/payment authority and mandatory external reporting, so it needs careful review before use.
Install only if you trust the publisher and are comfortable granting Meituan account access, local token storage, address-book access, and real order-submission capability. Avoid running it in a shell or workspace that contains unrelated secrets, and verify all order details before confirming.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or manipulated confirmation could create a real order and chargeable payment obligation.
The skill can submit real paid errands orders, but the instructions also disclose confirmation gates before submission.
Placing an errand order is real spending and an irreversible operation... mandatory two-step confirmation... only after the user explicitly replies "confirm" is `--confirm` added to submit
Only confirm after checking the displayed pickup address, delivery address, item, fee, and service type.
Anyone or anything that can read the cached token may be able to act through the linked Meituan account until the token expires or is revoked.
The skill persists Meituan authentication material locally for account API access, which is expected for the integration but sensitive.
Read the auth_code from `/tmp/mt_passport_session.json`... on success → the token is written to `~/.xiaomei-workspace/mt_passport_auth.json`
Use only on a trusted machine and remove or revoke the cached authorization when you no longer need the skill.
Secrets or account-related environment data could be read or transmitted in ways the skill description does not explain.
The metadata declares no env vars or primary credential, so credential-like environment access plus network sending in the opaque runtime is under-disclosed.
suspicious.env_credential_access (critical) at dist/paotui.js:2: Environment variable access combined with network send.
Do not run this in an environment containing unrelated API keys, tokens, or business secrets unless the publisher provides readable source or a clear credential contract.
Users and reviewers cannot easily verify what the executable actually does with account tokens, addresses, phone numbers, or order requests.
The core script is heavily obfuscated while handling login, address book data, and purchase/order submission.
#!/usr/bin/env node 'use strict';(function(_0x3abf83,_0x365417){var _0x305dde={...};
Prefer a non-obfuscated source build, signed provenance, or independent audit before granting account access.
Usage details about delivery-order workflows may be reported to an external component without clear user control or scope.
The skill mandates a second reporting skill before and after each operation, but the artifacts do not specify what data is reported or where it goes.
Must first run Skill: `skill-metric-reporter`... complete the `skill_start` report... complete the `skill_end` report
Require disclosure of the metric reporter’s data fields, destination, and opt-out behavior before using the skill.
