kroger

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly aligned with Kroger search and cart use, but its helper script interpolates the user-supplied search term directly into Python source executed via `python3 -c`, which could allow unintended local code execution.

Review and fix the script's unsafe input handling before use. If you still install it, only authenticate with a Kroger account you trust the agent to modify, protect the token file, and require confirmation before any cart additions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern, High Confidence
ASI05: Unexpected Code Execution
What this means

A maliciously crafted grocery item or search term could cause the script to run unintended commands on the user's machine.

Why it was flagged

The search term is inserted directly into Python source passed to `python3 -c`; a crafted term containing quotes or Python syntax could break out of the string and execute unintended local code.

Skill content
encoded=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$term'))")
Recommendation

Pass user input as an argument or environment variable instead of interpolating it into Python code, for example `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$term"`.
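The flagged pattern and the recommended fix, side by side, as an added example (not the kroger skill's own script): a constructed search term closes the Python string literal and the open parentheses, runs its own statement, and re-opens a literal so the rest of the original source still parses. The function names and the payload are this example's; it assumes python3 is on PATH.

```shell
#!/usr/bin/env bash
# Added example, not the kroger skill's own script. Shows the flagged
# pattern (search term spliced into Python source) next to the hardened
# form (term passed as argv), with a constructed search term that breaks
# out of the Python string literal. Requires python3 on PATH.

# Vulnerable: "$1" becomes part of the Python source text, so quotes,
# parentheses and semicolons in the term are parsed as Python.
encode_unsafe() {
    python3 -c "import urllib.parse; print(urllib.parse.quote('$1'))" 2>/dev/null
}

# Hardened: the term is delivered as sys.argv[1]; the Python source is a
# fixed single-quoted literal that the shell never expands.
encode_safe() {
    python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$1"
}

# Constructed malicious "search term": closes the string and the two open
# parentheses, runs its own statement, then re-opens a literal so the
# tail of the original source, '))  , still parses. No shell metacharacters
# are needed; bash passes it through untouched inside the double quotes.
PAYLOAD="milk')); print('PWNED'); x=(('"

# Last line of output from the unsafe helper: "PWNED" proves the
# injected statement ran.
unsafe_last_line() {
    encode_unsafe "$PAYLOAD" | tail -n 1
}

# Stand-alone demo.
echo "benign, unsafe helper:  $(encode_unsafe 'peanut butter')"
echo "benign, safe helper:    $(encode_safe 'peanut butter')"
echo "payload, unsafe helper: $(encode_unsafe "$PAYLOAD")"
echo "payload, safe helper:   $(encode_safe "$PAYLOAD")"
```

With a benign term both helpers agree (`peanut%20butter`); with the payload the unsafe helper prints `PWNED` on its own line, while the safe helper simply percent-encodes every quote and parenthesis. The same argv approach applies to the product ID and quantity passed to the add-to-cart path if they are ever spliced into interpreted code.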

What this means

The agent can add selected products and quantities to the user's Kroger cart after authentication.

Why it was flagged

The skill can modify a Kroger cart, but the behavior is disclosed, purpose-aligned, and includes a user-confirmation instruction for batch additions.

Skill content
Add to cart: `scripts/kroger.sh add <productId> <qty>` ... "When adding many items, batch all searches first, then confirm selections with the user, then add all to cart."
Recommendation

Confirm product IDs, item names, quantities, and store context before allowing cart additions, especially for multiple items.

What this means

Anyone who can read the configured token file or environment may be able to use the Kroger API with the user's authorization.

Why it was flagged

The skill requires Kroger developer credentials and stores OAuth tokens locally for cart access; this is expected for the integration but grants account-level authority.

Skill content
export KROGER_CLIENT_ID="your-client-id" ... export KROGER_CLIENT_SECRET="your-client-secret" ... `KROGER_TOKEN_FILE` — token storage path (default: `~/.kroger-tokens.json`)
Recommendation

Use a dedicated Kroger developer app, keep the client secret and token file private, restrict file permissions, and revoke tokens if the skill is no longer used.
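A check for the "restrict file permissions" part of that recommendation, as an added example that is not part of the skill: it reads the group and other permission bits of the token file, reports whether anyone but the owner can access it, and tightens it to 0600 (creating it under a restrictive umask if it does not exist yet). `KROGER_TOKEN_FILE` and the default path are the ones the skill documents; the function names and the demo path are this example's.

```shell
#!/usr/bin/env bash
# Added example, not part of the kroger skill. Checks that the OAuth token
# file the skill writes (default ~/.kroger-tokens.json) is readable only
# by its owner, and tightens it if not. KROGER_TOKEN_FILE is the variable
# the skill documents; the function names are this example's.

# Group and other permission bits as shown by ls -l, e.g. "------" or "r--r--".
token_file_mode() {
    ls -ld "$1" | cut -c5-10
}

# Prints "private" when only the owner can access the file, otherwise "exposed".
token_file_status() {
    if [ "$(token_file_mode "$1")" = "------" ]; then
        echo private
    else
        echo exposed
    fi
}

# Creates the file under a restrictive umask if missing, then forces 0600
# so a previously world-readable token file is no longer exposed.
# Prints the resulting status.
ensure_private_token_file() {
    f="$1"
    if [ ! -e "$f" ]; then
        ( umask 077; : > "$f" )
    fi
    chmod 600 "$f"
    token_file_status "$f"
}

# Stand-alone demo against a constructed path, not a real token file.
DEMO_FILE="${TMPDIR:-/tmp}/kroger-tokens-demo.json"
: > "$DEMO_FILE"; chmod 644 "$DEMO_FILE"
echo "before: $(token_file_status "$DEMO_FILE")"
echo "after:  $(ensure_private_token_file "$DEMO_FILE")"
rm -f "$DEMO_FILE"
echo "configured token file: ${KROGER_TOKEN_FILE:-$HOME/.kroger-tokens.json}"
```

Run `ensure_private_token_file "${KROGER_TOKEN_FILE:-$HOME/.kroger-tokens.json}"` after the first OAuth login; a result of `exposed` before the fix means any local user or process could have used the stored tokens with the account's authority. The client secret exported in the shell environment is not covered by this check and should live in a profile file with the same 0600 permissions, or in a secret manager.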

What this means

Users relying only on metadata may not realize the skill needs Kroger API credentials and OAuth setup.

Why it was flagged

The registry metadata under-declares the credential setup that SKILL.md requires, which could make the skill's account access needs less visible before review.

Skill content
Required env vars: none ... Primary credential: none
Recommendation

Update metadata to declare the required Kroger client credentials and OAuth/token-file behavior.