wine & food
PassAudited by ClawScan on May 13, 2026.
Overview
This is a coherent Sippai restaurant wine-and-food lookup skill, with disclosed use of an external MCP endpoint and an optional Sippai API key.
This skill appears safe to install if you intend to use Sippai's MCP service for restaurant wine and dish lookups. Be aware that your restaurant or location queries go to Sippai, and only provide a scoped Sippai MCP API key if the service requires one. Avoid using the local stdio development command unless you have reviewed the separate local code it would run.
Publisher note
Markdown + JSON only; no bundled scripts or installers. Host connects via MCP over HTTPS to https://mcp.sipsiip.com/api/sippai. Optional SIPPAI_MCP_API_KEY is supplied by the deployer via environment variables; no secrets in the skill bundle.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Restaurant names, addresses, or location-based queries may be sent to Sippai's MCP service to retrieve menus and recommendations.
The skill sends restaurant search inputs, potentially including location coordinates, to an external MCP service; this is clearly disclosed and central to the skill's purpose.
仅经 MCP 连接 https://mcp.sipsiip.com/api/sippai 查询 Sippai 合作门店;关键词/坐标检索餐厅后拉瓶卖、杯卖酒单
Use the skill only if you are comfortable sharing those restaurant or location queries with Sippai, and keep the connection to the documented MCP endpoint.
A user or deployer may need to provide a Sippai-specific API key for the MCP gateway to work.
The skill may require a Sippai MCP API key for gateway access. This credential use is disclosed, service-specific, and no secret is bundled in the artifacts.
"SIPPAI_MCP_API_KEY": "若网关/后端要求检索密钥则填写,与后端 SIPPAI_MCP_API_KEYS(api/sippai 集成配置)一致"
Provide only a scoped Sippai MCP key through a secure host configuration, and do not reuse unrelated account credentials.
If a user copies the local stdio configuration, their host may run code from a separate local repository that was not part of this reviewed package.
The local-development MCP configuration references a Node/tsx entrypoint that is not bundled in this skill. It is marked as development-only and there is no automatic install or execution path.
"note": "生产远程宿主请改用 HTTP 连接 public_mcp_url;stdio 仅供本地开发", "command": "node", "args": ["--import", "tsx", "<单仓 MCP 网关入口,以仓库实际路径为准>"]
For normal use, prefer the documented remote HTTPS MCP URL. Only use stdio development mode after reviewing and trusting the local repository entrypoint.