ordercli
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's metadata defines installation procedures for the
orderclibinary via the Homebrew package manager (steipete/tap/ordercli) or the Go toolchain (github.com/steipete/ordercli/cmd/ordercli@latest). These are standard methods for distributing developer tools. - [COMMAND_EXECUTION]: The instructions describe the execution of the
orderclibinary to perform various tasks such as listing countries, checking order history, and reordering items. Some commands include advanced flags for browser automation and profile management. - [DATA_EXFILTRATION]: The skill provides commands to import authentication data from local browser profiles, specifically Chrome cookies and session data (
ordercli foodora cookies chrome,ordercli foodora session chrome). This is an intended feature of the tool to bypass bot protection mechanisms and maintain active login sessions. - [CREDENTIALS_UNSAFE]: The documentation includes instructions for authenticating with Foodora using an email and password via standard input (
--password-stdin) and references the use of environment variables likeDELIVEROO_BEARER_TOKENfor API access. No hardcoded credentials or secrets are present in the skill instructions.
Audit Metadata