McDonald’s MCP Automation Tool

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill needs careful review because it asks for an undeclared McDonald’s session token and advertises automated account/order actions with inconsistent implementation.

Install only if you are comfortable giving the skill a McDonald’s account token and potentially allowing automated account actions. Verify the endpoints and script behavior first, avoid storing tokens in plain crontab entries, and require manual confirmation before any order or purchase-related action.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

Anyone or any agent process with this token could act on the user’s McDonald’s account within the token’s privileges.

Why it was flagged

The skill requires a live McDonald’s app/API token obtained from request headers. This is delegated account access, but the registry metadata declares no required env vars or primary credential.

Skill content
Open the McDonald’s app and capture its traffic to get the `MCD_TOKEN` from the request headers... export MCD_TOKEN="你的MCD_TOKEN"
Recommendation

Declare MCD_TOKEN as a credential, document exactly what account access it grants, prefer an official login/OAuth flow if available, and warn users not to expose packet-captured session tokens.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If followed too broadly, the agent could attempt account-changing or purchase-related actions, and the user’s account may be rate-limited or restricted.

Why it was flagged

The skill advertises automated ordering/account mutation and includes guidance framed around avoiding provider risk controls, but it does not define explicit user confirmation, spending limits, cancellation, or authorized API boundaries.

Skill content
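✅ Supports one-click ordering for in-store pickup ... `./mcd-cli.sh order:place --store-id "12345" --items "麦辣鸡腿堡,薯条,可乐"` ... Keep at least 2 seconds between calls and make no more than 200 calls per day, to avoid risk controls ... switch accounts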
Recommendation

Require explicit user approval before every order, show final store/items/price before submission, remove risk-control evasion guidance, and keep automated calls within provider-approved limits.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Users and agents cannot reliably tell which API workflow is intended, increasing the chance of failed, unexpected, or unsafe account actions.

Why it was flagged

SKILL.md explicitly says the correct API format is POST to the root URL using JSON-RPC and says not to call `/v1/xxx`, but the included script calls `/v1/...` endpoints. It also advertises `order:place` although no matching case handler is implemented.

Skill content
api_request "POST" "/v1/coupon/receive" ... api_request "POST" "/v1/store/stock" ... api_request "POST" "/v1/order/calculate"
Recommendation

Align the documentation and script, remove unimplemented commands, and clearly document the exact endpoints and behavior before users provide tokens.

ASI10: Rogue Agents
Low
What this means

The task would keep running daily until removed and may continue using the token even after the user forgets it was configured.

Why it was flagged

The cron example is an optional user-directed setup, but it creates persistent scheduled account automation using the user’s token.

Skill content
Automatically claim coupons every day at 8 a.m.:
`0 8 * * * export MCD_TOKEN="你的Token" && /path/to/mcd-cli.sh coupon:receive`
Recommendation

Only add the cron job if desired, store the token securely, document how to disable it, and rotate the token if it was exposed in crontab or logs.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail or rely on undeclared local binaries that the user did not expect.

Why it was flagged

The script invokes `openssl` and `bc`, while the declared requirements list only `curl` and `jq`, so the runtime dependency contract is incomplete.

Skill content
openssl md5 -r ... echo "$original_price - $final_price" | bc
Recommendation

Declare all required binaries in metadata and setup instructions, or remove the undeclared dependencies.