Skills
skills/elizaos/eliza/ordercli/Gen Agent Trust Hub

ordercli

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill installs the ordercli binary from an untrusted GitHub repository (steipete/ordercli) via go install and homebrew.
  • DATA_EXFILTRATION (HIGH): The skill provides explicit instructions and commands for extracting sensitive data from the user's local system, specifically:
  • Accessing Chrome browser cookies via ordercli foodora cookies chrome.
  • Accessing browser session data via ordercli foodora session chrome.
  • Accessing sensitive local directories such as ~/Library/Application Support/ordercli/browser-profile.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill handles sensitive credentials and authentication tokens, including:
  • Collecting user passwords via stdin (--password-stdin).
  • Requiring the use of bearer tokens (DELIVEROO_BEARER_TOKEN) and cookies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 06:11 PM