ClawHub

wolt-cli

v1.0.0

Use Nikita's local Wolt CLI to browse venues, inspect menus/items/options, and run profile, cart, and checkout-preview actions for wolt.com from terminal. Tr...

0· 516·0 current·0 all-time
byNikita R@mekedron·duplicate of @mekedron/wolt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md and reference docs: the skill expects a local 'wolt' binary, documents commands for browsing venues, inspecting items, managing a cart, and previewing checkout. There are no unexpected required env vars, binaries, or unrelated services requested.
Instruction Scope
Runtime instructions are narrowly scoped to invoking the local 'wolt' CLI, parsing its machine-readable envelope, following location/auth rules, and requiring explicit confirmation before mutating operations. The SKILL.md does instruct writing/reading local profile auth config (via the CLI's `configure`), which is consistent with the stated purpose.
Install Mechanism
No install spec is provided (instruction-only). The SKILL.md points to the GitHub repo for build/setup but does not command downloading or executing remote artifacts on its own—this is low-risk and consistent with an instruction-only skill.
Credentials
The skill does not declare any required env vars or credentials. However, it explicitly expects authentication tokens (wtoken/wrtoken/cookies) to be supplied either via flags or persisted by the CLI into local profile config. That behavior is proportional to interacting with an authenticated user account, but users should be aware sensitive tokens may be written to local config by the CLI.
Persistence & Privilege
always:false (normal). The CLI can persist refresh/access tokens to local profile configuration when `wolt configure` is used; the SKILL.md requires confirmation for mutating commands but autonomous agent invocation is allowed by default. This combination is reasonable for a CLI integration but means the agent could perform mutations if allowed and given credentials—users should ensure prompts/confirmations are enforced.
Assessment
This skill is internally consistent with its purpose, but before installing: (1) ensure you have or will build the 'wolt' binary from the referenced GitHub repo and that you trust that source; (2) be aware the CLI can accept and persist authentication tokens to local profile config—avoid giving long-lived credentials unless you trust the environment; (3) verify the local config path the CLI uses (so you know where tokens will be stored) and consider using ephemeral credentials or an isolated environment; (4) keep the safety rules in mind: the skill's docs require explicit confirmation before mutating commands, but autonomous agent invocation is allowed by default, so ensure the agent prompts you before performing cart/profile mutations; (5) if you need further assurance, inspect the upstream repository code for how it stores tokens and performs network calls before granting credentials.

Like a lobster shell, security has layers — review code before you run it.

deliveryvk971d598t6mygm25wprwdmc9qs81h3h9foodvk971d598t6mygm25wprwdmc9qs81h3h9groceryvk971d598t6mygm25wprwdmc9qs81h3h9latestvk9742vr1pe3bw2jsvmnkxjhebn81ny5kwoltvk971d598t6mygm25wprwdmc9qs81h3h9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments