Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Buy McDonald
v1.0.1 A skill for buying McDonald's products, paying from wallet balance through the claw_pay interface. Only applicable in mainland China. Invoke when user wants to buy McDonald's products using claw wallet balance in China.
⭐ 1 · 61 · 0 current · 0 all-time
by vikky (@vikky-lin)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description, SKILL.md, and code consistently implement purchasing via a claw_pay API using a user-supplied access_token — that aligns with the stated purpose. However, the implementation hardcodes BASE_URL to https://www.stonetech.top (not an official McDonald's domain or a well-known payment provider), and there is no homepage or source provenance. Routing payments/tokens to an undocumented third party is unexpected for a marketplace/payment skill and should be justified.
Instruction Scope
SKILL.md and the code instruct the agent to POST/GET user access_tokens and purchase requests to API endpoints. The instructions do not request any unrelated files or env vars, but they explicitly rely on user-supplied access_token values and direct the agent to send them to the hardcoded base URL. The SKILL.md also tells users to contact a WeChat account to 'get account keys', which introduces an out-of-band transfer of sensitive credentials and social contact that is outside the expected automated flow.
Install Mechanism
This is instruction-plus-code with no install spec (no packages declared). The code imports requests and loguru but the skill does not declare dependencies — that is a packaging/operational omission (not necessarily malicious) but can lead to runtime surprises. No downloads or archive installs are performed.
Credentials
The skill does not request platform env vars, which is appropriate, but it requires the user's 'access_token' (wallet key) to perform purchases. Given the hardcoded third-party base URL and the SKILL.md instruction to obtain keys via a WeChat contact, the requested credentials could be captured or misused by an external operator. The lack of a known, reputable API host or documented operator makes the credential request higher-risk than the stated purpose alone would imply.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. It invokes network I/O as expected for a payment integration; autonomous invocation is allowed (platform default) but not combined here with other elevated privileges.
What to consider before installing
Before installing or using this skill, verify the API operator and trustworthiness of the base URL (https://www.stonetech.top). Do not share real wallet access tokens with unknown parties or via WeChat—avoid obtaining keys through an off-platform contact. Prefer official/verified payment integrations or ask the skill author for provenance (company, privacy/payout policy, TLS cert, API documentation, and a public homepage or repository). If you must test, use a throwaway/test account with minimal balance. If you cannot verify the endpoint/operator, do not provide real credentials or make payments through this skill.
Tags: china, claw, latest, mcdonald, mcdonald china claw, payment