saizeriya
PassAudited by ClawScan on May 5, 2026.
Overview
This skill is purpose-aligned for helping with a Saizeriya mobile-ordering CLI, with confirmation safeguards for real-world actions, but users should notice it runs external CLI packages and handles ordering session data.
This appears safe to install if you intend to let an agent operate a Saizeriya ordering CLI. Before use, confirm any submit/call action carefully, share only the QR/session data you want the agent to use, and consider pinning/reviewing the external CLI packages or setting a dedicated session storage directory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used as intended, the agent may help place an order or call staff only after confirmation, but the user should carefully review those confirmations.
The skill can trigger real-world restaurant actions through the CLI, but it explicitly requires user confirmation for the highest-impact commands.
Ask for explicit confirmation before `submit`, `call staff`, or `call dessert`.
Only confirm submit/call actions after checking the exact restaurant session, cart contents, quantities, and intended action.
The agent may operate a dining session that could reveal receipt/account details and affect the current order.
A QR URL/session can delegate access to a live mobile-ordering session, including cart changes and account/receipt views.
start <name> <qrurl> ... manage a cart, view account or receipt details
Provide QR URLs or photos only for sessions you want the agent to operate, and avoid sharing sessions for other tables or accounts.
The runtime behavior depends on packages fetched or resolved outside this skill’s artifacts.
The skill relies on external CLI packages executed through npx/bunx without pinned versions in the provided artifacts.
npx saizeriya.js help ... npx -y qr-scanner-cli /path/to/qr-photo.jpg --clear
Use trusted package sources, consider pinning package versions, and review package provenance before using it in a sensitive environment.
Ordering session identifiers or state may remain on the local machine and be reused in later interactions.
The CLI may persist session state locally, and the skill can later list, resume, or remove those sessions.
Set `SAIZERIYA_CLI_HOME` only when the user wants a custom session storage directory. Otherwise let the CLI use its default session store.
Use a dedicated SAIZERIYA_CLI_HOME for sensitive sessions and remove sessions with the CLI when they are no longer needed.