kroger

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: kroger
Version: 1.0.0

The `scripts/kroger.sh` file contains several injection vulnerabilities. Specifically, the `cmd_add` function directly interpolates user-controlled `product_id` and `qty` into a JSON payload without proper escaping, making it vulnerable to JSON injection. Additionally, the `cmd_exchange` function directly uses the `$code` parameter in a `curl -d` argument, which could lead to shell injection if the code contains special characters. These are critical vulnerabilities, but there is no clear evidence of intentional malicious behavior such as data exfiltration or backdoor installation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

A maliciously crafted grocery item or search term could cause the script to run unintended commands on the user's machine.

Why it was flagged

The search term is inserted directly into Python source passed to `python3 -c`; a crafted term containing quotes or Python syntax could break out of the string and execute unintended local code.

Skill content
encoded=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$term'))")
Recommendation

Pass user input as an argument or environment variable instead of interpolating it into Python code, for example `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$term"`.

What this means

The agent can add selected products and quantities to the user's Kroger cart after authentication.

Why it was flagged

The skill can modify a Kroger cart, but the behavior is disclosed, purpose-aligned, and includes a user-confirmation instruction for batch additions.

Skill content
Add to cart: `scripts/kroger.sh add <productId> <qty>` ... "When adding many items, batch all searches first, then confirm selections with the user, then add all to cart."
Recommendation

Confirm product IDs, item names, quantities, and store context before allowing cart additions, especially for multiple items.

What this means

Anyone who can read the configured token file or environment may be able to use the Kroger API with the user's authorization.

Why it was flagged

The skill requires Kroger developer credentials and stores OAuth tokens locally for cart access; this is expected for the integration but grants account-level authority.

Skill content
export KROGER_CLIENT_ID="your-client-id" ... export KROGER_CLIENT_SECRET="your-client-secret" ... `KROGER_TOKEN_FILE` — token storage path (default: `~/.kroger-tokens.json`)
Recommendation

Use a dedicated Kroger developer app, keep the client secret and token file private, restrict file permissions, and revoke tokens if the skill is no longer used.

What this means

Users relying only on metadata may not realize the skill needs Kroger API credentials and OAuth setup.

Why it was flagged

The registry metadata under-declares the credential setup that SKILL.md requires, which could make the skill's account access needs less visible before review.

Skill content
Required env vars: none ... Primary credential: none
Recommendation

Update metadata to declare the required Kroger client credentials and OAuth/token-file behavior.