McDonald's China

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, coherent McDonald's China CLI wrapper, but users should understand that one command can claim coupons and the token should be protected.

Install only if you trust the ryanchen01 Homebrew tap and the mcd-cn CLI. Treat MCDCN_MCP_TOKEN like a password, avoid committing it in .env files, and run auto-bind-coupons only when you intentionally want coupons claimed on your account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises an auto-claiming command (`auto-bind-coupons`) but provides no warning that it performs a state-changing action on the user's account. In an agent-driven context, this increases the risk of unintended redemption or account modification because a user or downstream automation may treat the command as a harmless lookup operation.

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The documentation suggests storing the access token in a `.env` file without warning about secret exposure risks such as accidental commits, permissive file permissions, or leakage through tooling. While common, this guidance is unsafe if presented without basic secret-handling precautions, especially for agent skills that may be used in shared repositories or automated environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal