ClawHub

Food Calendar Order

Security checks across malware telemetry and agentic risk

Overview

This skill performs live food-ordering automation with saved delivery accounts, but the sensitive behavior is clearly disclosed and the main instructions require explicit user confirmation before purchase.

Install only if you are comfortable letting an agent use your logged-in delivery accounts in Chrome. Use it only with calendar events you created, review the restaurant, items, address, fees, tip, total, ETA, and payment method carefully, and say yes only when you intend to place that exact live order.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
97% confidence
Finding
This is a true vulnerability because the flow explicitly proceeds from reviewing the cart to clicking "Place Order" using saved address and payment details, but does not require an explicit user confirmation immediately before the irreversible purchase. In an agentic/browser-automation context triggered by calendar events, this materially increases the risk of unintended or unauthorized real-money transactions caused by misclassification, prompt injection in upstream inputs, or simple automation error.

Missing User Warnings

High
Confidence
96% confidence
Finding
The flow culminates in clicking "Place your order" using a saved payment method and stored delivery details, but it does not require an explicit user confirmation immediately before the irreversible purchase step. In an agentic automation context triggered by calendar events, this creates a real risk of unintended or unauthorized transactions caused by mis-triggering, prompt manipulation, bad item selection, or ambiguous event parsing.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill directs the agent to click the final 'Place order' button and complete a real purchase using saved payment credentials, but it does not require an explicit just-in-time user confirmation immediately before the irreversible transaction. In this skill's context, the danger is increased because it is triggered by calendar events and uses browser automation with a logged-in consumer account, creating a realistic path to unintended or unauthorized purchases.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal