ClawHub

mcd-mcp-skills

v1.0.0

麦当劳MCP平台集成,提供餐品营养查询、外送点餐、配送地址管理、优惠券管理、积分兑换等20个完整功能;当用户需要查询麦当劳餐品营养、下单外卖、管理地址、查询或领取优惠券、兑换积分商品时使用

0· 123·0 current·0 all-time
by末心@moxin1044
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise McDonald's MCP integration (menu, nutrition, address, coupons, orders). The package only requires a single MCP token and the included client script communicates with https://mcp.mcd.cn. The requested credential and network target match the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included CLI script with explicit commands (list-nutrition-foods, query-meals, create-order, etc.). Instructions do not ask the agent to read unrelated files or environment variables, nor to transmit data to unexpected endpoints; they are scoped to MCP API interactions. The SKILL.md warns about destructive actions (e.g., spending points) and defines required parameters.
Install Mechanism
There is no install spec (instruction-only installer). A single Python script is included. The script uses either a special workload-identity requests wrapper (coze_workload_identity.requests) if present or falls back to standard requests; SKILL.md states dependencies are preinstalled. No downloads from arbitrary URLs or archive extraction are present.
Credentials
Only one environment variable is required: MCD_MCP_TOKEN (declared as primaryEnv). The script reads exactly that env var for authorization. No unrelated secrets, system config paths, or additional credentials are requested.
Persistence & Privilege
The skill does not request always:true and uses default autonomous invocation settings. It does not modify other skills or system-wide settings. No persistent/install-time privileged behavior is present in the provided artifacts.
Assessment
This skill appears coherent with its description, but you should still exercise normal caution before granting the MCP token. Confirm that: (1) your MCD_MCP_TOKEN is obtained from the official open.mcd.cn developer portal, (2) you trust the mcp.mcd.cn endpoint (the script posts to https://mcp.mcd.cn/), and (3) you understand destructive commands (create-order, mall-create-order, delivery-create-address, auto-bind-coupons) will perform actions on your account — require explicit confirmation before invoking them. If you have concerns, review the remainder of scripts/mcd_mcp_client.py (full CLI mapping) to ensure there are no hidden commands, run the client in an isolated environment, and rotate the token if you later suspect misuse.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cadf9xgp6v2pjcckbj0476x83gd5x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMCD_MCP_TOKEN
Primary envMCD_MCP_TOKEN

Comments