Safety Report

Food Delivery

Name: Food Delivery
Rating: 5 (4 reviews)
Author: ivangdavila

@ivangdavila

Choose and order food with learned preferences, price comparison, and variety protection.

387Downloads

1Installs

4Stars

1Versions

E-Commerce1,690 Education & Learning489

Security Analysis

high confidence

Clean0.08 risk

The skill's requirements and instructions are internally consistent with its stated purpose (choosing and placing food orders); the main practical sensitivity is that it relies on browser automation and local files and therefore will use the user's logged-in browser sessions and stored payment methods—so the user should be aware of that privilege before enabling it.

Feb 18, 20265 files2 concerns

Purpose & Capabilityok

Name/description (choose and order food) align with what the skill does: it stores preferences locally, compares platforms, and places orders via browser automation. No unrelated credentials, binaries, or installs are requested.

Instruction Scopenote

SKILL.md confines data read/write to ~/food-delivery/ (memory.md, restaurants.md, orders.md, people.md) and describes explicit ordering steps. This is within scope, but the ordering instructions require controlling the user's logged-in browser session and interacting with payment methods in the browser — an implicit sensitive capability. The skill correctly requires explicit user confirmation before checkout.

Install Mechanismok

Instruction-only skill with no install spec or external downloads. No code is written to disk by the skill itself beyond the user-created ~/food-delivery/ files.

Credentialsnote

The skill requests no environment variables or external credentials (proportionate). However, it depends on the agent having browser automation capability and access to the user's logged-in browser sessions and payment methods; that implicit access is the main sensitivity to consider.

Persistence & Privilegeok

always is false and the skill stores only its own data under ~/food-delivery/. It does not request system-wide changes or other skills' configurations and promises not to modify SKILL.md.

Guidance

This skill appears to be what it says: it will learn preferences in files under ~/food-delivery/ and use browser automation to place orders using whatever is already configured in your delivery apps and browser. Key things to consider before installing: 1) Browser access: the agent needs to drive your logged‑in browser sessions and may trigger real purchases—ensure you trust the agent's automation capabilities and that explicit confirmation before checkout is enforced. 2) Payment privacy: the skill does not ask for card credentials but will use payment methods stored in your apps; protect your browser/profile. 3) Local storage: preference and order history are stored in ~/food-delivery/ — if that directory contains sensitive info, move or protect it and periodically prune orders.md (it already recommends 14 days). 4) Test safely: try a dry run or a low-cost order to confirm the confirmation/checkout flow behaves as you expect. 5) If you don't want the agent to be able to place orders autonomously, ensure your platform or agent can restrict browser automation or require manual approval for checkout.

Latest Release

v1.0.0

Initial release

More by @ivangdavila

DOCX

18 stars

Market Research

18 stars

Code

14 stars

Excel / XLSX

13 stars

Data Analysis

13 stars

Office

11 stars

Published by @ivangdavila on ClawHub