Openclaw Rappi
Warn
Audited by ClawScan on May 13, 2026.
Overview
The skill is coherent for assisted Rappi ordering, but it tells the agent to automatically download, build, and keep running an unreviewed local service from GitHub.
Install only if you are comfortable with an agent downloading and running the separate openclaw-rappi GitHub service in the background. Prefer manually reviewing and pinning that service first, use a dedicated Rappi Chrome profile, and approve purchases only after verifying the exact order summary.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill could cause your agent to run code that was not included in this review before handling your Rappi account or order.
The agent is told to fetch and build remote code at runtime, while the submitted package contains no reviewed service code or install spec and the artifact does not pin a commit or dependency set.
If unavailable, bootstrap the local service from GitHub automatically... git clone https://github.com/zarruk/openclaw-rappi.git ... npm install ... npm run build
Do not allow automatic bootstrap unless you trust and have reviewed the GitHub service; prefer a pinned release or commit, a lockfile, and an explicit install spec.

The agent may execute unreviewed local commands and package scripts on your machine as part of normal skill use.
These commands execute package-manager scripts and a helper script from the downloaded repository, then start the service; the instructions say to do this automatically after a failed health check.
npm install; npm run build; ./scripts/install-launchd.sh; nohup npm start > logs/service.out.log 2> logs/service.err.log &
Require explicit user confirmation before any shell install/start command, and run only audited, pinned code in a constrained environment.

A local service related to ordering could continue running after the immediate task is finished.
The skill starts a launchd-managed or nohup background service, but the artifacts do not provide clear stop, uninstall, update, or lifetime controls.
./scripts/install-launchd.sh ... nohup npm start > logs/service.out.log 2> logs/service.err.log &
Provide clear lifecycle controls, including explicit consent to start, visible status, logs, stop, disable, and uninstall instructions.

If you approve the exact phrase, the agent can submit a real Rappi purchase.
The skill exposes a purchase-confirmation action, which is high impact, but the documented workflow requires an exact per-order approval phrase in the current chat.
Only after the exact approval phrase appears in the current chat or button callback, call: curl -X POST http://127.0.0.1:4777/drafts/<draftId>/confirm-purchase
Review the checkout summary carefully and approve only when the items, address, payment method, delivery estimate, and total are exactly correct.

The local service may operate in a browser session that is logged in to your Rappi account.
The workflow relies on a logged-in Rappi browser session and can view account checkout details such as delivery address and payment labels; this is expected for ordering but sensitive.
ask the user to open a dedicated visible Chrome profile and log in to Rappi
Use a dedicated Chrome profile, avoid storing unrelated accounts in it, and monitor the visible browser while orders are prepared.

Order details, and possibly address or payment labels included in the checkout summary, may be sent through the Telegram approval channel.
The approval flow can send checkout information through Telegram and treats a matching button callback as purchase approval; this is purpose-aligned but depends on the chat target being correct.
message: "<checkout summary>\n\nAPRUEBO COMPRA RAPPI <draftId>", "buttons": [[{"text":"Aprobar compra","callback_data":"APRUEBO COMPRA RAPPI <draftId>"}]]
Use this only in a trusted direct chat and verify that the approval button and draft ID belong to the order you intend to buy.
