Food402 - TGO Yemek

Security checks across malware telemetry and agentic risk

Overview

This food-ordering skill is purpose-aligned, but it handles real payments and account sessions with safeguards that need review before use.

Install only if you are comfortable giving the skill access to your TGO account, delivery addresses, cart, saved-card flow, and order history. Confirm the restaurant, items, address, total, and card before checkout; avoid shared machines unless token storage is fixed; and provide a Google Places API key only if you need review lookup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The metadata advertises checkout with 3D Secure payment, but later payment examples explicitly set customerSelectedThreeD to false. This inconsistency can mislead users and agent runtimes into believing stronger payment verification is enforced when it may actually be bypassed or omitted.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The place_order section claims a 3D Secure flow but the shown payment submission sends customerSelectedThreeD as false in multiple fields. In a payment skill, contradictory guidance about authentication strength is dangerous because it can lead to weaker-than-expected cardholder verification and unauthorized or disputed transactions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script takes arbitrary HTML input, writes it to a local file, and launches it in the user's default browser with no validation, sandboxing, or user confirmation. In this skill's payment context, that enables browser-based phishing or deceptive 3D Secure pages that can harvest card credentials, OTPs, or session data while appearing to be part of a legitimate checkout flow.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script writes the authentication token to /tmp/food402-token and stores expiry metadata in /tmp/food402-token-expiry without setting restrictive permissions or using a user-private secure storage location. On multi-user systems or shared runtime environments, other local processes may read or race on these predictable files and reuse the bearer token to access the victim's food delivery account.

VirusTotal

59/59 vendors flagged this skill as clean.
