Order food delivery via browser automation, triggered by calendar events. Supports two modes — Direct (specific service + restaurant) and Discovery (criteria...
Security Analysis
medium confidence
The skill's functionality (automating live food orders via your local Chrome profile) is coherent with its description, but it requires sensitive access (saved logins, payment methods, addresses) that is not declared in the metadata and its runtime instructions give broad authority to spawn sub-agents and perform real charges—this mismatch and the sensitive surface warrant caution.
The skill's claimed purpose—placing orders by automating browser interactions with DoorDash, Uber Eats, and Grubhub—matches the runtime instructions (open Chrome profile, navigate sites, add items, checkout). Requiring access to a Chrome profile with saved logins, addresses, and payment methods is plausible for this feature, so the capability itself is coherent with the purpose, but it is inherently high-sensitivity and should have been declared explicitly in the metadata.
SKILL.md explicitly instructs the agent/sub-agents to open the user's local Chrome profile (containing saved logins, payment methods, and addresses), parse calendar event title+description (including gate codes and allergies), and perform live checkouts that will charge saved payment methods. It also spawns sub-agents for browser control. These runtime actions reach far into sensitive local state and financial operations; while they are necessary for the stated purpose, they expand scope to highly sensitive operations and rely on careful, correct verification (which the instructions attempt to address but cannot guarantee).
This is an instruction-only skill with no install spec and no code files to download or install. From a disk-write/install perspective this is low risk; the runtime risk comes from the instructions rather than installation artifacts.
The registry metadata lists no required config paths or credentials, yet the instructions require opening a local Chrome profile (access to saved logins, payment methods, addresses) and reading calendar events. That is an inconsistency: the skill needs access to sensitive local browser data and calendar content but does not declare those resources. There are no unrelated credentials requested, but the omission of required config/permission declarations is a red flag.
The skill is not marked always:true and is user-invocable (normal). However, because it can spawn sub-agents and perform live charges using the user's saved payment methods, allowing autonomous invocation or broad runtime privileges increases potential impact. The metadata does not document safeguards (e.g., interactive confirmation enforcement beyond a single 'yes' prompt), so users should treat autonomous runs with caution.
Guidance
This skill will open your local Chrome profile and use your saved accounts, addresses, and payment methods to place real orders; the registry metadata does not declare those required local accesses. Before installing:
(1) Only proceed if you trust the skill author (source is unknown) and you understand that real charges will occur.
(2) Consider creating and using a dedicated Chrome profile that has no saved payment methods or personal addresses, or remove saved cards before testing.
(3) Test with a low-risk scenario (cheap order) and ensure the pre-checkout confirmation is enforced in practice.
(4) Disable autonomous invocation or require manual invocation so the skill cannot act without your explicit start.
(5) Limit calendar triggers to a calendar you control (avoid shared calendars), and avoid including highly sensitive data (full gate codes, PINs) in event descriptions unless you accept the exposure.
(6) If you must use it, monitor your payment account and revocable credentials, and be prepared to revoke access or uninstall the skill if behavior is unexpected.
If you need absolute safety, do not install an instruction-only skill that accesses your browser profile and can perform live financial transactions.
Latest Release
v1.1.0
Add security controls: explicit pre-checkout confirmation gate, security disclosure section, Chrome profile warnings, and calendar event trust/spoofing notice.
Published by @ThisIsJeron on ClawHub