Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
McDonald's ordering skill
v1.0.0. Orders McDelivery takeout through McDonald's official MCP service. Use it when the user says things like "help me order McDonald's", "I want McDonald's", "what's good at McDonald's", "check my McDonald's order", "what promotions does McDonald's have right now", or "how many calories are in this burger". Supports the full McDelivery ordering flow: browsing the menu, price calculation, creating orders, and order tracking, plus nutrition information lookup and promotion calendar queries.
by wujn@wjn161
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description, required binary (python3) and required env var (MCD_MCP_TOKEN) align with a skill that calls an MCP API for ordering. The skill's behavior (menu browsing, price calc, order creation, tracking, nutrition) matches its stated purpose.
Instruction Scope
SKILL.md instructs the agent to check and, if missing, merge/write an entry into ~/.mcporter/mcporter.json (registering an 'mcd-mcp' server). It also instructs writing user-provided defaults into {SKILL_DIR}/config.json. These file-write instructions touch user files outside the skill bundle and are not declared in the manifest; that is scope creep relative to a pure API-caller. Other instructions (calling MCP endpoints, running the bundled Python helper) are expected for the stated purpose.
Install Mechanism
There is no external install spec or download; the skill is instruction-plus-local-scripts. The only code executed is the included Python script(s) (scripts/order_helper.py), so no remote code fetch occurs during install.
Credentials
The single environment variable requested, MCD_MCP_TOKEN, is appropriate for authenticating to the McDonald's MCP service. However, the manifest lists 'primary credential: none' while the SKILL.md and scripts clearly require the token. The SKILL.md also suggests storing the token in openclaw.json (agent config), which users should treat carefully.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user, which is normal. However, it requests permission to register an MCP server by modifying ~/.mcporter/mcporter.json — a persistent change to a user config file outside the skill directory. That persistent write increases blast radius if the skill were malicious and should be approved by the user.
What to consider before installing
This skill appears to implement McDonald's ordering via the official MCP API and uses a single token (MCD_MCP_TOKEN) and bundled Python helper scripts. Before installing:
1) Verify you trust the skill source — it will run the included Python script and may write to ~/.mcporter/mcporter.json and to the skill's config.json.
2) Do not store your primary or high-privilege credentials in world-readable files; use a dedicated token for this skill if possible.
3) If you prefer control, manually register the MCP server entry in ~/.mcporter/mcporter.json instead of allowing the skill to write it.
4) Inspect scripts/order_helper.py yourself (it's included) to confirm there are no unexpected network endpoints or exfiltration steps (the script we reviewed only parses data, formats summaries, generates QR codes, and expects MCP data).
5) Because the skill modifies a user-level config file not declared in the manifest, proceed with caution — if you are unsure, choose not to install, or run it in a restricted/test environment first.
Version: latest (vk970fnyzbqja8tqehkfzy8zyn582q48m)
Runtime requirements
🍔 Clawdis
OS: macOS · Linux · Windows
Bins: python3
Env: MCD_MCP_TOKEN
