Ordercli
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly coherent for a food-ordering CLI, but it documents sensitive Chrome cookie/session import without enough scoping or cleanup detail.
Install only if you trust the ordercli package and intentionally want to let it access your Foodora account. Treat Chrome cookie or session import as sensitive account delegation; prefer password-stdin or a dedicated browser profile when possible, and check where the CLI stores imported sessions and how to delete them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.