wolt-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent helper for a local Wolt CLI; it handles sensitive Wolt account data, but that access is disclosed and tied to its stated purpose.

Install only if you trust the separate `wolt` CLI and are comfortable letting an agent use your Wolt account. Avoid pasting tokens or cookies where they may be saved in shell history or logs, keep verbose diagnostics private, use masked payment output, and confirm every cart, address, favorite, or credential change before it runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest description contains broad trigger phrases like finding food on Wolt, inspecting catalogs, automating basket tasks, and debugging auth/location behavior without strong narrowing conditions. That can cause over-invocation on ordinary food, shopping, or account-related requests and may pull the agent into handling sensitive account state or commerce workflows when the user did not clearly intend to use this local CLI.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation explicitly encourages passing authentication tokens, refresh tokens, and cookies via CLI flags and storing auth via `configure`, but provides no warning about shell history exposure, process-list leakage, or local profile persistence. In a skill meant to automate a real consumer account, this increases the chance of credential compromise and unauthorized access to profile, payment, order, and address data.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The command reference documents account-affecting operations such as cart clear/remove, address add/update/remove/use, and favorites modification without any safety notice or confirmation guidance. In an agent skill context, these commands could be invoked on behalf of a user and cause unintended state changes to a live Wolt account, including loss of cart contents or modification of delivery addresses.

Credential Access

High

Category: Privilege Escalation
Content: 2. Selected profile auth fields 3. Default profile auth fields When refresh credentials are available, expired/401 access tokens are refreshed automatically and persisted back to local config. ## Location Rules
Confidence: 95% confidence
Finding: access tokens

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal