Meituan Physical Automation
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about automating Meituan, but it gives an agent broad control over a real Android phone and installs unexpected instrumentation dependencies, so it should be reviewed carefully before use.
Install only if you are comfortable giving an AI broad, live control of an Android phone logged into Meituan. Run it while supervising the device, do not expose the HTTP server to other machines, review the dependencies before installing, and manually confirm the final address, cart, total, and payment.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A capable agent or caller could manipulate the connected phone beyond a single food-ordering step, including adding items, reaching checkout, or tapping/type-driving other screens.
The CLI/HTTP surface exposes cart mutation, checkout navigation, arbitrary coordinate taps, and text input on a real phone.
GET /add_to_cart?item=香辣鸡腿堡 ... GET /checkout ... POST /tap_xy body: {"x":0,"y":0} ... GET /type?text=汉堡
Use only while watching the phone, require explicit confirmation before cart/checkout actions, and avoid exposing raw tap/type endpoints unless they are restricted to trusted local callers.
The agent effectively uses the user's Meituan account on the connected phone, even though no API key or password is declared.
The skill acts through the user's logged-in Meituan app session and can access order/address information through the app UI.
GET /checkout # go to checkout (returns address / total price / time) GET /address # view the current delivery address
Only run this on an account and device you intend the agent to use, and verify address, cart, and total price before payment.
Installing the skill may add powerful packages unrelated or under-explained for the stated task, increasing supply-chain and local-tooling risk.
The skill installs unpinned instrumentation/MCP packages that are not clearly explained by the shown Meituan UI-automation code, while SKILL.md frames the approach as 'No reverse engineering' and 'No hacking.'
frida>=16.0.0 frida-tools>=12.0.0 mcp[cli]>=1.0.0
Remove unused dependencies, pin versions, add hashes or a lockfile, and document why each dependency is required.
This is expected for Android physical automation, but it executes code on the host and changes the connected device state.
The skill explicitly asks the agent to run local installation, device-driver initialization, and ADB commands.
You MUST use your bash/terminal tool to EXECUTE ... pip install -r requirements.txt ... python -m uiautomator2 init ... adb shell am start -n ...
Run setup manually or in a controlled environment first, and confirm the exact commands before allowing the agent to execute them.
If the server is reachable by anything untrusted, screen contents and phone-control actions could be exposed to another process or agent.
The artifacts describe an HTTP API for AI control of the phone and the shown handler code does not show authentication or caller/origin checks.
python cli.py serve # start the HTTP server (for the AI to call) ... GET /screen ... POST /tap_xy ... class AIHandler(BaseHTTPRequestHandler)
Bind only to localhost, add authentication, and do not run the HTTP server on shared or exposed networks.
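The two findings above (raw tap/type and cart/checkout endpoints that should need confirmation, and a handler with no authentication or origin check) can be closed with one gate in front of the existing handler. The following is an added example written for this review, not the skill's own cli.py or AIHandler. It assumes only the endpoint paths quoted in the findings; the environment variable MEITUAN_CTRL_TOKEN, the names is_request_allowed and HardenedAIHandler, and the console approval prompt are made up for the example.

```python
# Hardened variant of the skill's control server (example code, not the skill's
# own cli.py / AIHandler). Assumptions made here: the endpoint paths are the ones
# quoted in the findings; the env var name MEITUAN_CTRL_TOKEN, the helper names
# is_request_allowed/HardenedAIHandler and the console-approval step are made up.
import hmac
import os
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Endpoints that change cart/account state or drive arbitrary UI input.
MUTATING_PATHS = {"/add_to_cart", "/checkout", "/tap_xy", "/type"}
# Endpoints that only read state.
READ_ONLY_PATHS = {"/screen", "/address"}


def is_request_allowed(request_path, headers, expected_token, operator_approved=False):
    """Decide whether a request may reach the phone.

    Returns (allowed, http_status, reason). Pure function so the policy can be
    unit-tested without a socket or a device.
    """
    path = urlparse(request_path).path
    # 1. Every call needs a bearer token; compare in constant time.
    auth = headers.get("Authorization", "")
    presented = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if not presented or not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return False, 401, "missing or invalid token"
    # 2. Anything not on the allow-list is rejected outright.
    if path not in MUTATING_PATHS and path not in READ_ONLY_PATHS:
        return False, 404, "unknown endpoint " + path
    # 3. State-changing and raw-input endpoints need a human's approval per call.
    if path in MUTATING_PATHS and not operator_approved:
        return False, 403, "operator confirmation required for " + path
    return True, 200, "ok"


class HardenedAIHandler(BaseHTTPRequestHandler):
    # Random per-run token unless one is supplied; the agent must be given it.
    token = os.environ.get("MEITUAN_CTRL_TOKEN") or secrets.token_urlsafe(32)

    def _gate(self):
        allowed, status, reason = is_request_allowed(self.path, self.headers, self.token)
        if status == 403:
            # Authenticated but mutating: the person watching the phone approves
            # each cart/checkout/tap/type action at the console before it runs.
            answer = input(f"Allow {self.command} {self.path}? [y/N] ")
            approved = answer.strip().lower() == "y"
            allowed, status, reason = is_request_allowed(
                self.path, self.headers, self.token, operator_approved=approved)
        if not allowed:
            self.send_response(status)
            self.end_headers()
            self.wfile.write(reason.encode())
        return allowed

    def do_GET(self):
        if not self._gate():
            return
        # The skill's real screen/cart/checkout handling would run here.
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    do_POST = do_GET


def serve(host="127.0.0.1", port=8000):
    """Bind to loopback only; 0.0.0.0 would expose phone control to the LAN."""
    httpd = HTTPServer((host, port), HardenedAIHandler)
    print(f"control token: {HardenedAIHandler.token}")
    httpd.serve_forever()


if __name__ == "__main__":
    serve()
```

The token check runs before the approval prompt so an unauthenticated caller cannot spam the operator with prompts, and the allow-list means a new endpoint added to the skill later is denied until it is deliberately classified as read-only or mutating.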
A user may overtrust the automation and miss that the agent can still alter cart/account state and interact broadly with the phone.
The safety and anti-ban wording is stronger than the artifact-backed guarantees, given the raw tap/type controls and checkout workflow.
Your money stays 100% safe — the AI never completes payment. ... Risk account bans from bot traffic | Indistinguishable from a real user
Replace absolute safety claims with clear limits, disclose remaining risks, and require user confirmation before checkout-sensitive steps.
The phone may remain configured to stay awake longer after the task, affecting battery and privacy.
The skill changes persistent Android screen settings to keep the device awake during automation.
_adb("settings", "put", "global", "stay_on_while_plugged_in", "3")
_adb("settings", "put", "system", "screen_off_timeout", "600000")
Restore previous screen settings after automation or clearly tell the user how to revert them.
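One way to do the restore the finding asks for is to snapshot both settings before changing them and put them back when the automation ends, including when it fails. The block below is an added example for this review, not code from the skill. It assumes the skill's _adb(...) helper runs `adb shell <args>`; the run_adb argument is injectable so the same logic can be exercised offline against a small fake device that is also constructed here.

```python
# Example of restoring the screen settings the skill changes (added here; not
# the skill's code). Assumption: the skill's _adb(...) helper runs `adb shell
# <args>`; run_adb is injectable so the logic can be checked offline against
# a fake device, which is also constructed below.
import contextlib
import subprocess

# (namespace, key, value) triples exactly as the skill writes them.
KEEP_AWAKE_SETTINGS = (
    ("global", "stay_on_while_plugged_in", "3"),
    ("system", "screen_off_timeout", "600000"),
)


def real_adb(*args):
    """Run `adb shell <args>` on the connected device and return stdout."""
    out = subprocess.run(["adb", "shell", *args], check=True,
                         capture_output=True, text=True)
    return out.stdout.strip()


@contextlib.contextmanager
def keep_awake(run_adb=real_adb):
    """Apply the keep-awake settings for the duration of the block, then put
    back what was there before, even if the automation raises."""
    saved = {}
    for ns, key, _ in KEEP_AWAKE_SETTINGS:
        saved[(ns, key)] = run_adb("settings", "get", ns, key)  # "null" if unset
    try:
        for ns, key, value in KEEP_AWAKE_SETTINGS:
            run_adb("settings", "put", ns, key, value)
        yield saved
    finally:
        for (ns, key), old in saved.items():
            if old == "null":
                run_adb("settings", "delete", ns, key)
            else:
                run_adb("settings", "put", ns, key, old)


class FakeDevice:
    """Minimal stand-in for `adb shell settings ...` (constructed for this example)."""

    def __init__(self, initial):
        self.settings = dict(initial)
        self.log = []

    def __call__(self, *args):
        self.log.append(args)
        if args[0] != "settings":
            raise ValueError("fake device only understands settings commands")
        op, ns, key = args[1], args[2], args[3]
        if op == "get":
            return self.settings.get((ns, key), "null")
        if op == "put":
            self.settings[(ns, key)] = args[4]
            return ""
        if op == "delete":
            self.settings.pop((ns, key), None)
            return ""
        raise ValueError(op)


def run_demo(device=None):
    """Drive a fake phone whose timeout is 30 s and whose stay-on key is unset;
    return the saved values and the settings after the block exits."""
    device = device or FakeDevice({("system", "screen_off_timeout"): "30000"})
    with keep_awake(device) as previous:
        assert device.settings[("global", "stay_on_while_plugged_in")] == "3"
        assert device.settings[("system", "screen_off_timeout")] == "600000"
    return previous, dict(device.settings)


if __name__ == "__main__":
    print(run_demo())
```

Unset keys are deleted rather than written back as the string "null", which is what `settings get` prints for a key that was never set; otherwise the restore would itself leave a stray value behind.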
