Swiggy
WarnAudited by ClawScan on May 10, 2026.
Overview
The Swiggy skill is mostly purpose-aligned, but its CLI builds shell commands from user-supplied order/search fields in a way that can allow command injection.
Review this skill carefully before installing. Its Swiggy purpose and confirmation workflow are clear, but the included CLI should be fixed because crafted input could escape into a local shell command. If you still test it, use a non-sensitive environment, verify mcporter is trusted, and manually confirm every cart, address, total, and booking detail.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted restaurant query, delivery address, or copied item/restaurant ID could cause the local machine to run commands outside the Swiggy workflow.
argsJson contains user-supplied values such as searches, locations, item IDs, and addresses. Because it is inserted into a shell command inside single quotes, an input containing a single quote can break out of the quoting and execute unintended shell commands.
const { execSync } = require('child_process'); ... const cmd = `mcporter call --server "${MCP_SERVERS[server]}" --tool "${tool}" --args '${argsJson}'`; return exec(cmd);Do not install until the CLI is fixed to use execFileSync/spawn with an argument array, or otherwise strictly escape and validate all arguments before invoking mcporter.
If approved, the agent can create real COD orders or restaurant bookings that may not be cancelable.
The skill intentionally exposes tools that can place real food/grocery orders and bookings. The instructions disclose the impact and require confirmation, so this is purpose-aligned but high-impact.
Swiggy MCP currently supports **Cash on Delivery only**. Orders **cannot be cancelled** once placed. Always double-check before confirming.
Only approve after checking the cart, total, address, time, and guest count yourself.
The skill can use the authenticated Swiggy account for searches, carts, orders, and bookings.
OAuth account access is expected for a Swiggy ordering integration, but it delegates authority to act through the user's Swiggy account.
First use will trigger OAuth flow. Follow the prompts to authenticate with your Swiggy account.
Authenticate only the intended account, review any OAuth prompts, and revoke access if you stop using the skill.
Order history and delivery address information may remain available to future agent sessions or anyone with access to the skill memory files.
The skill instructs the agent to persist order details, including delivery address and order ID, in a memory file.
After successful order, append to `memory/swiggy-orders.json`: ... "address": "HSR Layout", "orderId": "..."
Inspect or delete the order log when needed, and avoid storing sensitive address details longer than necessary.
Installation may rely on a separately installed mcporter command; using the wrong or untrusted mcporter would affect what the Swiggy CLI actually runs.
The skill depends on external runtime tooling and an additional skill even though the registry requirements list no required binaries or install spec.
- Node.js ≥ 18 - `mcporter` skill (must be installed)
Install mcporter only from a trusted source and verify the swiggy command resolves to the reviewed local file before use.