McDonald's China
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent for McDonald's China coupon lookup, but users should notice that it installs a third-party CLI, uses an account token, and includes an account-changing auto-claim command.
Before installing, confirm that you trust the ryanchen01 Homebrew tap and the mcd-cn CLI. Store MCDCN_MCP_TOKEN securely, use the default or another trusted MCP server, and run the auto-claim command only when you intend to change your coupon account state.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You will be running an externally supplied command-line tool to access the service.
The skill depends on installing an external CLI from a third-party Homebrew tap. This is expected for the stated CLI-based purpose, but the executable itself is outside the provided artifact contents.
Homebrew: `brew install ryanchen01/tap/mcd-cn`
Install only if you trust the upstream Homebrew tap and project source.
Anyone or anything using the token may be able to query or act on your McDonald's China MCP account within the CLI's permissions.
The skill requires a service token, which likely grants access to the user's McDonald's China MCP account functions. This is purpose-aligned and disclosed, with no artifact evidence of token misuse.
`MCDCN_MCP_TOKEN` required. Get it from the McDonald's China MCP console.
Use a token with the minimum needed permissions if available, avoid sharing it, and revoke it if you stop using the skill.
Running this command may claim or bind coupons on your account rather than only displaying information.
The documented command can perform an account-changing coupon claim action. This matches the stated auto-claiming purpose, but it is more sensitive than read-only coupon lookup.
Auto-claim coupons: `mcd-cn auto-bind-coupons`
Use the auto-claim command only when you intentionally want coupons claimed; prefer lookup commands for read-only tasks.
If you configure an untrusted custom server URL, your coupon queries and token-based requests may be directed to that server.
The skill can be configured to use a custom MCP server endpoint. This is disclosed and may be useful, but the chosen endpoint affects where account-related requests are sent.
Optional: `MCDCN_MCP_URL` for custom server URL.
Leave the default server unless you specifically trust the custom MCP server you configure.