ClawHub

Food Delivery

v1.0.0

Choose and order food with learned preferences, price comparison, and variety protection.

6· 707·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (choose and order food) align with what the skill does: it stores preferences locally, compares platforms, and places orders via browser automation. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md confines data read/write to ~/food-delivery/ (memory.md, restaurants.md, orders.md, people.md) and describes explicit ordering steps. This is within scope, but the ordering instructions require controlling the user's logged-in browser session and interacting with payment methods in the browser — an implicit sensitive capability. The skill correctly requires explicit user confirmation before checkout.
Install Mechanism
Instruction-only skill with no install spec or external downloads. No code is written to disk by the skill itself beyond the user-created ~/food-delivery/ files.
Credentials
The skill requests no environment variables or external credentials (proportionate). However, it depends on the agent having browser automation capability and access to the user's logged-in browser sessions and payment methods; that implicit access is the main sensitivity to consider.
Persistence & Privilege
always is false and the skill stores only its own data under ~/food-delivery/. It does not request system-wide changes or other skills' configurations and promises not to modify SKILL.md.
Assessment
This skill appears to be what it says: it will learn preferences in files under ~/food-delivery/ and use browser automation to place orders using whatever is already configured in your delivery apps and browser. Key things to consider before installing: 1) Browser access: the agent needs to drive your logged‑in browser sessions and may trigger real purchases—ensure you trust the agent's automation capabilities and that explicit confirmation before checkout is enforced. 2) Payment privacy: the skill does not ask for card credentials but will use payment methods stored in your apps; protect your browser/profile. 3) Local storage: preference and order history are stored in ~/food-delivery/ — if that directory contains sensitive info, move or protect it and periodically prune orders.md (it already recommends 14 days). 4) Test safely: try a dry run or a low-cost order to confirm the confirmation/checkout flow behaves as you expect. 5) If you don't want the agent to be able to place orders autonomously, ensure your platform or agent can restrict browser automation or require manual approval for checkout.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nqdkw7779qn0hkn759vfed81ap9v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🍕 Clawdis
OSLinux · macOS · Windows

Comments