Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Instacart

v0.1.0

Place grocery orders on Instacart via browser automation. Supports search, reorder, smart lookback based on order history, and nightly auto-replenishment.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description and required binaries (openclaw for browser automation) align with the stated purpose. The inclusion of the 'gog' CLI in the required binaries is plausible for fetching verification codes but the registry metadata marks it as unconditionally required even though the SKILL.md only needs it if INSTACART_CODE_EMAIL is set — a minor mismatch.
Instruction Scope
The SKILL.md explicitly instructs the agent to read an env file (e.g. .env.personal) and memory/instacart-storefronts.json before opening the browser. It does not strictly constrain the read to only the INSTACART_* variables, which risks exposing other secrets contained in that file. The skill also instructs the agent to fetch verification codes from the user's email using the gog CLI (if INSTACART_CODE_EMAIL is set), and to run local openclaw browser stop/start/status commands if the browser subsystem crashes — all of which are within scope for browser automation but increase the set of sensitive data and local actions the agent will touch.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk during install — low installation risk.
Credentials
Only INSTACART_URL and INSTACART_EMAIL are declared as required env vars (plus an optional INSTACART_CODE_EMAIL). However, the instructions request reading an env file directly, which can expose unrelated environment variables and secrets if that file contains more than the declared INSTACART_* entries. Requiring the gog binary is reasonable for automated code retrieval, but listing it as always required is over-broad when it is only used conditionally.
Persistence & Privilege
The always flag is false, and the skill does not request modification of other skills or global agent settings. Model invocation is enabled (normal), so the agent could run this skill autonomously when eligible. This is normal, but it increases the blast radius if combined with other issues.
What to consider before installing
This skill largely does what it says (it drives a browser to place Instacart orders), but before installing you should:
(1) inspect any .env or .env.personal file you use and avoid putting unrelated secrets there; ideally provide a dedicated env file with only INSTACART_* values so the skill can read only what it needs;
(2) only set INSTACART_CODE_EMAIL if you are comfortable allowing the gog CLI to access that mailbox (use a dedicated mailbox or service account);
(3) confirm the openclaw browser profile contains the saved address/payment methods the skill expects so it doesn't prompt for additional sensitive actions;
(4) prefer running this skill in an isolated environment (separate agent/user profile) to limit exposure of other credentials;
(5) ask the skill author to clarify and tighten instructions so the agent reads only the required variables (not the entire env file) and to make gog truly optional in the metadata.


latest: vk971jfxpxz5prz8sgeat8xhxzn8233t2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

🛒 Clawdis
Bins: openclaw, gog
Env: INSTACART_URL, INSTACART_EMAIL
