Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
麦当劳智能点餐助手 (McDonald's smart ordering assistant)
v1.0.5
McDonald's China assistant (麦当劳助手) for coupon management, delivery ordering, and nutrition planning. Use this skill when users explicitly mention McDonald's...
⭐ 0 · 553 · 4 current · 4 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The SKILL.md describes a McDonald's ordering/coupon/nutrition assistant and the required artifacts (MCD_TOKEN and an MCP endpoint) are coherent with that purpose. However, the registry metadata at the top of the package claims no required environment variables or credentials while SKILL.md and README explicitly require MCD_TOKEN and the execute_bash tool — this metadata mismatch is a significant incoherence. Also README version (2.0.0) doesn't match registry version (1.0.5), further reducing trust in provenance.
Instruction Scope
Instructions stay within the McDonald's MCP API domain (curl calls to mcp.mcd.cn and described read/write flows). The skill requires user confirmation before write actions, and the SKILL.md/SECURITY.md explicitly warn not to log the token. However: (1) the skill relies on execute_bash to run curl, which can execute arbitrary shell commands if misused; (2) MCD_MCP_URL is overridable, so a compromised or misconfigured environment could point requests at an attacker-controlled endpoint and leak the token; and (3) because this is instruction-only there is no enforcement that only the described curl commands will be executed.
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which minimizes disk-write/install risk. Nothing in the package auto-downloads or extracts external artifacts.
Credentials
The SKILL.md and README require a single sensitive credential (MCD_TOKEN) and optionally MCD_MCP_URL — that is proportionate for a service that must act on a user's McDonald's account. However, the registry metadata claims no required env vars, so the package metadata underreports sensitive requirements. Requiring execute_bash is functionally explainable (to call curl) but grants the ability to run arbitrary shell commands, raising risk for token exposure. The optional MCD_MCP_URL parameter also creates a plausible attack vector if set to a non-MCP host.
Persistence & Privilege
The skill does not request persistent privileges (always:false), no config paths are declared, and it does not claim to modify other skills or system-wide settings. There is no automatic installation or persistent agent-level privilege requested.
What to consider before installing
Do not install blindly. Specific things to check before using or installing:
1) Source provenance — the package lists no homepage and the owner/publisher is unknown; prefer packages from trusted repositories.
2) Metadata mismatch — the registry metadata claims no required env vars or binaries but SKILL.md/README require MCD_TOKEN and execute_bash; ask the publisher to correct metadata.
3) Limit exposure — create a dedicated, limited-scope test token for this skill and rotate/revoke it after testing.
4) Avoid setting MCD_MCP_URL to anything other than the default unless you trust the endpoint; treat that variable as sensitive.
5) Prefer running the skill in a sandbox or container and monitor network traffic to confirm requests go only to mcp.mcd.cn.
6) Because execute_bash can run arbitrary commands, inspect SKILL.md/README carefully and only proceed if you understand and accept the risk.
If you are uncertain, decline installation or require the publisher to provide verifiable source (repo link, checksum, and consistent metadata).
latest: vk97etz7djk573e9bd31qcw5q21826f7r
