ordercli
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs an external binary from a non-standard third-party source using both Homebrew (
steipete/tap/ordercli) and Go (github.com/steipete/ordercli/cmd/ordercli@latest). These sources are personal repositories and do not belong to established trusted organizations. - [CREDENTIALS_UNSAFE]: The skill manages and processes sensitive authentication data. It includes commands to accept passwords via standard input (
--password-stdin), use environment-based bearer tokens (DELIVEROO_BEARER_TOKEN), and explicitly provides functionality to extract session cookies and profiles from the user's Chrome browser (ordercli foodora cookies chrome). - [COMMAND_EXECUTION]: The skill is designed to execute the
orderclicommand-line tool with various arguments to interact with external food delivery services. This includes complex operations like refreshing sessions and performing automated reorders.
Audit Metadata