ordercli
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
orderclibinary from a third-party source using Homebrew (steipete/tap/ordercli) and the Go toolchain (github.com/steipete/ordercli/cmd/ordercli@latest). - [CREDENTIALS_UNSAFE]: The skill processes sensitive information including user passwords via stdin, API bearer tokens (
DELIVEROO_BEARER_TOKEN), and session cookies for authentication with Foodora and Deliveroo services. - [COMMAND_EXECUTION]: The skill is designed to execute the
orderclibinary with various subcommands to interact with external APIs and manage local configuration files. - [DATA_EXFILTRATION]: The skill provides commands to access and import sensitive data from the local filesystem, specifically browser cookies and profile information from paths such as
~/Library/Application Support/ordercli/browser-profileand Chrome's default profile directories.
Audit Metadata