Skill v1.0.0

ClawScan security

Ele.me Food Delivery Ordering (饿了么外卖点餐) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 5:48 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (automating Ele.me via Playwright MCP) matches its instructions and requirements; there are no unrelated credentials or installs, but pay attention to user-consent and runtime package download risks.
Guidance
This skill is internally consistent for automating Ele.me through a browser MCP server, but consider the following before installing:
- Confirm you are comfortable running an MCP server via `npx @playwright/mcp@latest` (this downloads/executes code at runtime). Use pinned versions if you prefer reproducibility.
- The agent is designed to perform many steps autonomously (selecting defaults, adding items, submitting the order). Verify your account's payment settings (saved cards/wallet auto-pay) so the agent cannot trigger unexpected charges; if unsure, remove auto-pay methods or require explicit confirmation for submission.
- Be prepared to supply sensitive inputs interactively (phone number and OTP). Do not give permanent credentials; only provide OTPs when you intend to log in.
- If you want tighter control, request the skill be modified to always ask for explicit confirmation before submitting the final order (and to check whether payment will be automatic).
- Run a supervised test flow (low-cost or test account) first to validate behavior before using on a primary account.

Review Dimensions

Purpose & Capability
ok: Name/description and metadata ask for npx + Playwright MCP and the instructions exclusively describe browser automation flows for Ele.me (navigation, snapshots, clicks, filling OTP, cart/checkout). All required capabilities correspond to the stated purpose; no unrelated env vars, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md precisely instructs the agent how to use Playwright MCP actions (browser_navigate, browser_snapshot, browser_click, browser_fill_form, etc.) and when to ask the user (OTP and final payment confirmation). It deliberately directs many steps to run autonomously (finding shop, selecting defaults, adding to cart), which is consistent with the stated goal but increases the risk of unintended orders or charges if account/payment settings differ (see guidance). The skill does not instruct reading system files or unrelated env vars.
Install Mechanism
note: This is instruction-only (no install spec). The documentation requires configuring an MCP server invoked via `npx @playwright/mcp@latest`. That is expected for a Playwright-based browser automation skill, but it does imply runtime download/execution of an npm package (the MCP server) via npx; users should ensure they trust the source and are comfortable with pulling the package at runtime.
Credentials
ok: The skill requests no environment variables or credentials. It expects user-provided data during interaction (phone number, OTP), which is reasonable for a login flow. No unrelated secrets are requested.
Persistence & Privilege
ok: `always` is false and the skill does not request persistent system-level privileges or modify other skills. Autonomous invocation is allowed by default but not excessive for this use case; the skill also documents stopping for payment, which limits high-privilege actions.