ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shopping Autopilot

v1.0.0

Automate your grocery shopping - weekly meal planning, regular items, delivery slots, and order confirmation.

0· 125·0 current·0 all-time
by@zy42905163-web

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zy42905163-web/shopping-autopilot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Shopping Autopilot" (zy42905163-web/shopping-autopilot) from ClawHub.
Skill page: https://clawhub.ai/zy42905163-web/shopping-autopilot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shopping-autopilot

ClawHub CLI

Package manager switcher

npx clawhub@latest install shopping-autopilot
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill advertises automated ordering, delivery-slot booking, and order confirmation for Tesco, Amazon Fresh, and Instacart — capabilities that normally require store-specific authentication (accounts, API keys, or browser automation). Yet the metadata declares no required credentials, no config paths, and no install steps. That mismatch suggests the skill's declared requirements are incomplete or misleading.
!
Instruction Scope
SKILL.md contains only high-level features and example prompts; it gives no concrete runtime instructions for authentication, where or how it will perform web interactions, or how it will handle sensitive data (payment, addresses). The instructions are overly open-ended and grant broad discretion to the agent without bounds, which is a scope creep risk for an automation that would need account access.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes disk writes and arbitrary code installation. That lowers installation risk, but does not resolve the operational ambiguity about required credentials or browser automation.
!
Credentials
Given the claimed features, one would expect the skill to request credentials (store API keys, OAuth tokens, login cookies) or to document using the user's interactive browser. The absence of any declared environment variables or credential requirements is disproportionate and unexplained.
Persistence & Privilege
The skill is not always-enabled and is user-invocable with normal autonomous invocation allowed. That is typical and not itself problematic — but if it later requires broad account access, autonomous invocation could increase risk. Currently there is no evidence it modifies other skills or system settings.
What to consider before installing
Before installing, ask the developer for specifics: (1) How does the skill authenticate with Tesco / Amazon Fresh / Instacart — does it use OAuth, store API keys, or require you to supply account credentials? (2) Will it ever place or confirm an order automatically, or only prepare carts for you to review? (3) How are payment methods and personal data stored, transmitted, or logged? (4) Where is any automation code executed (local browser automation vs remote service)? If you must provide credentials, prefer OAuth flows or short-lived tokens and avoid sharing passwords or credit-card details directly. If answers are unclear or the developer can't explain why no credentials are needed, treat the skill as risky — consider testing only with a throwaway account and no saved payment methods.

Like a lobster shell, security has layers — review code before you run it.

latestvk974q13mdb5xa4420snq397hxx83dcv3
125downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@zy42905163-web
latest
Download

Shopping Autopilot

Automate your weekly grocery shopping with AI.

Features

  • Weekly meal plan generation
  • Regular items auto-add
  • Delivery slot booking
  • Order confirmation

Supported Stores

  • Tesco (UK)
  • Amazon Fresh
  • Instacart (US/Canada)

Usage

"Help me order groceries for this week"
"Book a delivery slot for tomorrow"

Pricing

ServicePrice
Setup$150-300
Custom Integration$300-500

Author: OpenClaw Community

Comments

Loading comments...