WOL catering api
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: wol-catering-api Version: 1.0.0 The skill is a legitimate integration for the Wake-up On LAN (WOL) catering API, allowing users to browse menus and place orders via curl. It uses standard environment variables (WOL_API_TOKEN) for authentication and interacts with a specific domain (wollan.nl). No indicators of malicious intent, data exfiltration, or unauthorized execution were found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place an unintended catering order or create a balance owed if it misreads the user's request or product IDs.
The skill directs the agent to create an order through the API and defaults missing quantities to 1, but it does not require a final confirmation before submitting an account-affecting purchase.
Parse items from `$ARGUMENTS` ... Assume a quantity of 1 ... Build the JSON body and POST: `curl -s -X POST ... "$BASE_URL/api/v1/catering/orders"`
Require an explicit confirmation step showing product IDs, names, quantities, and total price before sending the POST request.
Anyone who can see the agent transcript or shell output might obtain the API token and use the user's catering account.
The API token is expected for this integration, but echoing it can expose the secret in terminal output, transcripts, or logs; asking users to paste it also needs careful handling.
Run these two shell commands to check for environment variables: `echo "${WOL_API_TOKEN}"` ... If `WOL_API_TOKEN` is empty, ask the user: "Please paste your API token..."Do not print the token. Check only whether it is set, redact any displayed value, and prefer secure environment configuration over pasting secrets into chat.