Skill v1.0.0

ClawScan security

Ordercli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:21 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's purpose (a CLI to check Foodora/Deliveroo orders) is plausible, but the runtime instructions reference sensitive local browser profiles, cookie import, and an undocumented env var/token — and the SKILL.md includes install metadata that isn't reflected in the registry fields, so the package's declared footprint doesn't match what it actually needs.
Guidance
Before installing or enabling this skill:
(1) Verify the upstream project and Homebrew tap (steipete/ordercli) and review the source code on GitHub; the SKILL.md suggests installs come from those sources.
(2) Be cautious about supplying browser profiles, Chrome cookies, or bearer tokens: these contain session/auth data that can access your accounts; only use cookie/profile import in a controlled environment or with throwaway accounts.
(3) Prefer manual use of the ordercli binary rather than granting an agent automatic access; if you do allow the agent to run it, restrict the agent's file access so it cannot read your actual browser profile directory.
(4) If you need Deliveroo support, only provide DELIVEROO_BEARER_TOKEN after reviewing why it's needed.
(5) If you are unsure, run ordercli in an isolated VM or container and inspect network activity and stored config files before trusting it with real credentials.
The main red flags are the mismatch between declared registry requirements and the SKILL.md instructions (sensitive file/cookie access and an undocumented env var).

Review Dimensions

Purpose & Capability
Status: concern
The skill claims to be a thin CLI for Foodora/Deliveroo. That purpose can legitimately require login/session data and an installed binary. However, the top-level registry metadata lists no required binaries, no config paths, and no env vars, yet the SKILL.md and its embedded metadata expect the 'ordercli' binary and suggest Homebrew/Go install methods. This mismatch between declared requirements and the instructions is a coherence problem.
Instruction Scope
Status: concern
SKILL.md instructs use of browser-based login, reusing a browser profile path ($HOME/Library/Application Support/ordercli/browser-profile), and importing Chrome cookies from a Chrome profile. Those actions involve reading local browser profiles and cookies (sensitive personal/session data). The instructions also show a Deliveroo bearer token option and password stdin usage. The registry does not declare access to any config paths or secrets, so the instructions widen scope beyond the skill's declared boundaries.
Install Mechanism
Status: note
The SKILL.md's embedded metadata proposes install via a Homebrew tap (steipete/tap/ordercli) or a Go module from github.com/steipete/ordercli. These are standard distribution channels (lower risk than arbitrary download URLs). The registry, however, lists no install spec while SKILL.md does; the inconsistency should be resolved. You should verify the Homebrew tap and GitHub repo before installing.
Credentials
Status: concern
Top-level registry fields declare no required env vars, but SKILL.md mentions a DELIVEROO_BEARER_TOKEN (and optional DELIVEROO_COOKIE) for Deliveroo support. The instructions also imply supplying email/password (via --password-stdin) and importing browser cookies/profiles. Requesting/using tokens, cookies, or browser profiles is sensitive and should be explicitly declared; its absence is a red flag.
Persistence & Privilege
Status: ok
The skill does not request always:true and does not declare system-wide modifications. It recommends reusing a browser profile path and allows storing a config (e.g., --config /tmp/ordercli.json), but it does not demand permanent presence or modify other skills. No elevated platform privileges are requested in the registry.