mtpaotui

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: mtpaotui
Version: 1.0.1

The skill handles sensitive PII (unmasked phone numbers and physical addresses) and explicitly instructs the AI agent to hide all technical execution details, including command-line arguments and JSON structures, from the user (SKILL.md). While this may be intended for a clean UI, it prevents the user from auditing the actual data being sent to the underlying script (scripts/paotui.js). The combination of PII access and enforced lack of transparency into the execution layer is a high-risk pattern often used to mask unauthorized data exfiltration or API misuse.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may grant account-level access needed to read account data and create orders on the user's Meituan account.

Why it was flagged

The skill requires delegated Meituan account/token authority, but the registry declares no primary credential or required configuration and the artifacts do not bound token scope, storage, or revocation.

Skill content

Step 0: Login authorization check... check whether the Token is valid... the Meituan account must be authorized first

Recommendation

Only authorize if you trust the publisher and can verify how tokens are handled; revoke the authorization after use if possible.

What this means

If the user confirms, the agent may create a real order that requires payment in the Meituan app.

Why it was flagged

The skill can submit real errand orders, which is high-impact, but it does disclose the impact and requires explicit confirmation before final submission.

Skill content

Placing an errand order is a **real purchase and an irreversible operation**... only after the user explicitly replies "确认" (confirm) is `--confirm` added and the order submitted

Recommendation

Review the address, item, fee, and timing carefully; do not let the agent infer or auto-confirm final submission.

What this means

A user cannot verify what code would actually handle authorization, address data, fee previews, or order submission.

Why it was flagged

The supplied manifest contains only SKILL.md and no code/install spec, but the skill references a Node command script and reference files. For a workflow involving account authorization and real orders, the executable implementation is not reviewable.

Skill content

references/commands.md: all commands and their parameters (invoked as: `node scripts/paotui.js <command>`)

Recommendation

Require the publisher to provide the referenced scripts, reference files, install specification, and credential declarations before using this with a real account.

What this means

Saved addresses and phone numbers from the Meituan account may be exposed in the agent conversation context and used for ordering.

Why it was flagged

The skill pulls saved address-book entries and uses contact phone fields immediately after login. The artifacts do not define retention, reuse, or minimization boundaries for this sensitive personal data.

Skill content

Immediately after login is confirmed, pull the address book... display the top 3 entries sorted by `lastUseTime` in descending order... use the address book's `phone` field directly

Recommendation

Use only with accounts whose address-book data you are comfortable exposing to the agent, and ask the publisher to document data retention and minimization.

What this means

The user may see only the simplified order card rather than the exact technical action being taken.

Why it was flagged

This may be intended as user-friendly formatting, but it also makes the underlying commands and API parameters less transparent during a real ordering workflow.

Skill content

It is strictly forbidden to show the user any technical details, including but not limited to... command-line contents, script paths, technical parameters

Recommendation

For high-impact actions, ensure the user still sees the meaningful order details and has a clear chance to cancel before submission.