ordercli

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's metadata defines installation procedures for the ordercli binary via the Homebrew package manager (steipete/tap/ordercli) or the Go toolchain (github.com/steipete/ordercli/cmd/ordercli@latest). These are standard methods for distributing developer tools.
  • [COMMAND_EXECUTION]: The instructions describe the execution of the ordercli binary to perform various tasks such as listing countries, checking order history, and reordering items. Some commands include advanced flags for browser automation and profile management.
  • [DATA_EXFILTRATION]: The skill provides commands to import authentication data from local browser profiles, specifically Chrome cookies and session data (ordercli foodora cookies chrome, ordercli foodora session chrome). This is an intended feature of the tool to bypass bot protection mechanisms and maintain active login sessions.
  • [CREDENTIALS_UNSAFE]: The documentation includes instructions for authenticating with Foodora using an email and password via standard input (--password-stdin) and references the use of environment variables like DELIVEROO_BEARER_TOKEN for API access. No hardcoded credentials or secrets are present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — ordercli