Chinese Restaurants
v0.1.0Find nearby Chinese restaurants. Invoke when user asks for Chinese food near me.
⭐ 0· 90·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description match the instructions: the skill accepts a location and filter params and returns a standardized POI list for the category 'chinese-restaurants'. It requires no binaries, env vars, or installs, which is proportionate to the stated purpose. Note: SKILL.md references STANDARD_RESPONSE.md but that file is not included, which makes the exact response contract unclear.
Instruction Scope
Runtime instructions stay within the skill's domain (query nearby POIs, apply filters, enforce privacy guidance). However, the SKILL.md does not specify data providers, API endpoints, or how to perform queries; that vagueness gives the agent broad discretion to call arbitrary external services, which increases privacy risk if not constrained. The doc does mention privacy practices (only query with user consent, grid/blur coordinates), which is a positive sign.
Install Mechanism
No install spec and no code files — this is instruction-only and does not write or execute new code on the host, so install-related risk is minimal.
Credentials
The skill requires no environment variables, credentials, or config paths. This is appropriate for a simple nearby-POI lookup and minimizes risk of credential exposure.
Persistence & Privilege
always:false and user-invocable:true (defaults) — the skill does not request persistent elevated presence or modify other skills. No indications it would store or access system-wide settings.
Assessment
This skill appears coherent and low-risk, but before installing ask: (1) which data provider or API will the agent call to get POIs? (2) where will the user's precise location be sent and stored — confirm there are prompts and that coordinates are blurred or cached as promised; (3) obtain the STANDARD_RESPONSE.md to verify the response format; and (4) if you require provider-specific credentials (Maps/Places API), ensure they are provided explicitly and only to a vetted implementation. If the skill's implementation is left open-ended, consider requesting a concrete provider list or restricting outbound network destinations to trusted APIs to reduce privacy risk.Like a lobster shell, security has layers — review code before you run it.
latestvk97f8zvq31hwta6y1mrpaztzeh83f745
License
MIT-0
Free to use, modify, and redistribute. No attribution required.