Swiggy
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: swiggy Version: 1.0.5 The skill is designed to interact with Swiggy's MCP servers for food, groceries, and restaurant bookings. Both the `SKILL.md` instructions and the `swiggy-cli.js` code implement robust safety checks, most notably requiring an explicit `--confirm` flag for all ordering and booking actions. The `swiggy-cli.js` uses `execSync` to call the `mcporter` utility, but this is done with hardcoded, legitimate Swiggy MCP server URLs and structured arguments, preventing arbitrary command execution or data exfiltration. There is no evidence of malicious intent, credential theft, persistence mechanisms, or harmful prompt injection attempts; in fact, the `SKILL.md` actively guides the agent towards safe, user-confirmed interactions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted restaurant query, delivery address, or copied item/restaurant ID could cause the local machine to run commands outside the Swiggy workflow.
argsJson contains user-supplied values such as searches, locations, item IDs, and addresses. Because it is inserted into a shell command inside single quotes, an input containing a single quote can break out of the quoting and execute unintended shell commands.
const { execSync } = require('child_process'); ... const cmd = `mcporter call --server "${MCP_SERVERS[server]}" --tool "${tool}" --args '${argsJson}'`; return exec(cmd);Do not install until the CLI is fixed to use execFileSync/spawn with an argument array, or otherwise strictly escape and validate all arguments before invoking mcporter.
If approved, the agent can create real COD orders or restaurant bookings that may not be cancelable.
The skill intentionally exposes tools that can place real food/grocery orders and bookings. The instructions disclose the impact and require confirmation, so this is purpose-aligned but high-impact.
Swiggy MCP currently supports **Cash on Delivery only**. Orders **cannot be cancelled** once placed. Always double-check before confirming.
Only approve after checking the cart, total, address, time, and guest count yourself.
The skill can use the authenticated Swiggy account for searches, carts, orders, and bookings.
OAuth account access is expected for a Swiggy ordering integration, but it delegates authority to act through the user's Swiggy account.
First use will trigger OAuth flow. Follow the prompts to authenticate with your Swiggy account.
Authenticate only the intended account, review any OAuth prompts, and revoke access if you stop using the skill.
Order history and delivery address information may remain available to future agent sessions or anyone with access to the skill memory files.
The skill instructs the agent to persist order details, including delivery address and order ID, in a memory file.
After successful order, append to `memory/swiggy-orders.json`: ... "address": "HSR Layout", "orderId": "..."
Inspect or delete the order log when needed, and avoid storing sensitive address details longer than necessary.
Installation may rely on a separately installed mcporter command; using the wrong or untrusted mcporter would affect what the Swiggy CLI actually runs.
The skill depends on external runtime tooling and an additional skill even though the registry requirements list no required binaries or install spec.
- Node.js ≥ 18 - `mcporter` skill (must be installed)
Install mcporter only from a trusted source and verify the swiggy command resolves to the reviewed local file before use.