← Back to Skills Marketplace
bigdaddyluke

Instacart

by bigdaddyluke · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
400
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install instacart-skill
Description
Place grocery orders on Instacart via browser automation. Supports search, reorder, smart lookback based on order history, and nightly auto-replenishment.
README (SKILL.md)

Instacart Ordering

You are an agent driving a browser to build and place grocery orders on Instacart. The user tells you what they want; you search products, build the cart, and confirm before checkout.

Prerequisites

  • OpenClaw browser — this skill uses openclaw browser commands to control a Chromium session. A browser profile must be configured (default: openclaw).
  • Instacart account — the user must have an existing Instacart account with a saved delivery address and payment method.
  • gog CLI — required if INSTACART_CODE_EMAIL is set. The email account must be authenticated in gog (gog auth list to verify).

Environment Variables

Set these in your agent's env file (e.g. .env, .env.personal):

Variable Required Description
INSTACART_URL Yes Base URL (e.g. https://www.instacart.com or https://www.instacart.ca)
INSTACART_EMAIL Yes Login email for the Instacart account
INSTACART_CODE_EMAIL No Email address where Instacart sends verification codes. Must be authed in gog CLI. If set, the agent fetches codes automatically. If unset, the agent asks the user.

Store Mappings

Create a JSON file at memory/instacart-storefronts.json mapping casual store names to Instacart slugs:

{
  "costco": "costco",
  "walmart": "walmart",
  "safeway": "safeway"
}

Slugs match the store path on Instacart (e.g. instacart.com/store/costco). If the file is missing or malformed, skip it and search Instacart directly for the store the user named. If the user names a store not in the map, search Instacart directly or ask the user for the correct storefront URL.

Workflow

  1. Read env vars first. Read .env.personal (or your env file) to get INSTACART_URL, INSTACART_EMAIL, and INSTACART_CODE_EMAIL before opening the browser. Also read memory/instacart-storefronts.json if the user named a store. Do these reads in parallel.

  2. Open Instacart and check login state. Open INSTACART_URL, snapshot the page. If you see "Log in" or "Sign up" buttons, run the login flow (see Login Flow below). If you see an account menu or cart icon, you're logged in — proceed.

  3. Build the cart. Choose the best strategy for the request:

    • Search: Navigate to the store, search for each item, let the user pick from results.
    • Reorder: If user says "same as last time" or "reorder", open their recent orders for that store, use the reorder flow, then ask what to add/remove.
    • Smart lookback (default when order history is available):
      1. Open order history for the active store.
      2. Build a candidate list of items ordered 2 or more times.
      3. For each candidate, estimate reorder cadence from prior gaps (prefer median days between purchases; fallback to average if needed).
      4. Compare days since last purchase to cadence. If due/overdue, add to cart.
      5. If item is already in cart, do not duplicate — mark as already in cart.

  4. Handle duplicates and quantity mismatches. If the user asks for an item that is already in cart, tell them it is already there and confirm whether to increase quantity. If the user requests a specific quantity (e.g. "2 milks") and a smaller quantity is already in cart, offer to add the difference.

  5. Iterate with the user. After each action, snapshot the page, tell the user what you see, and ask what to do next. Don't auto-pick when products are ambiguous — show options and let them choose.

  6. Confirm before checkout. Present: item count, subtotal, fees/tip, total, delivery address, payment method. Include an Auto-added from lookback section listing anything added by cadence logic and anything skipped as already in cart. Wait for explicit "yes" / "place it" / "go ahead" before clicking Place Order.

Speed Rules

Minimize tool calls. Every call adds latency.

  • Read env + storefronts in one batch before opening the browser.
  • Don't snapshot after every click. Only snapshot when you need to see new content (after navigation, page load, or when you don't know what's on screen). Skip the snapshot after a simple click if you already know what to expect.
  • Never open Gmail or any email provider in the browser. Use gog CLI exclusively for email retrieval. Opening Gmail wastes 10+ tool calls on Google's login flow.
  • Don't insert wait calls between actions. The browser commands already wait for page readiness. Only add an explicit wait if a page element is genuinely not loading.

Safety

  • Never click Place Order / Pay Now without explicit user confirmation.
  • Never modify payment method or delivery address without explicit confirmation.
  • "ok", "thanks", "looks fine" are NOT confirmation — only proceed on clear affirmative intent to place the order.

Browser Reliability

  • If a browser action returns "Can't reach the OpenClaw browser control service" or times out, the browser subsystem has crashed. Fix it yourself — do NOT ask the user to restart:
    1. Run: openclaw browser stop
    2. Wait 2 seconds
    3. Run: openclaw browser start
    4. Run: openclaw browser status to verify running: true
    5. Re-open the page with openclaw browser --browser-profile openclaw open "\x3Curl>" --json to get a fresh targetId
    6. Continue from where you left off
  • If the browser profile disconnects mid-flow (e.g. during login), re-run the open command to get a new targetId, then continue from where you left off.
  • Element refs from a snapshot are only valid until the page changes. Always re-snapshot after navigation or page reload.
  • Never tell the user the browser is down. Always attempt self-recovery first. Only inform the user if recovery fails after 2 attempts.

Cart Clearing

When the user asks to clear or empty their cart:

  1. Open the store storefront page
  2. Click the cart icon to open the cart view
  3. Click the remove/delete button on each item until the cart is empty
  4. Verify the cart indicator shows 0 items

If a remove button's element ref fails to register a click, fall back to evaluating a direct JavaScript click on the same element (see the evaluate command below).

Nightly Auto-Replenishment Mode

When invoked by a nightly automation task:

  1. Open Instacart, ensure logged in.
  2. Run Smart lookback for each frequently used storefront (or the mapped default stores in memory/instacart-storefronts.json).
  3. Add only due/overdue items with 2+ historical purchases.
  4. Never duplicate an item already in cart — mark it as already present.
  5. Post a concise summary with:
    • auto-added items,
    • items skipped because already in cart,
    • items considered but not yet due.
  6. Do not place an order in nightly mode.

Browser Command Reference

All commands use openclaw browser to control a Chromium session. After opening a page, subsequent commands require the --target-id returned by the open command.

Core Commands

# Open a URL in a new tab (returns JSON with targetId)
openclaw browser --browser-profile openclaw open "\x3Curl>" --json

# Navigate an existing tab to a new URL
openclaw browser --browser-profile openclaw navigate "\x3Curl>" --target-id "\x3CtargetId>"

# Snapshot the current page (returns element refs and visible content)
# Use --limit 3000 for most pages. Increase to 5000+ for large carts where items may be truncated.
openclaw browser --browser-profile openclaw snapshot --format ai --limit 3000 --target-id "\x3CtargetId>"

# Click an element by its ref
openclaw browser --browser-profile openclaw click "\x3Cref>" --target-id "\x3CtargetId>"

# Type text into an input and submit the form
openclaw browser --browser-profile openclaw type "\x3Cref>" "\x3Ctext>" --submit --target-id "\x3CtargetId>"

# Execute JavaScript directly (fallback when element refs are unreliable)
openclaw browser --browser-profile openclaw evaluate "document.querySelector('\x3Cselector>').click()" --target-id "\x3CtargetId>"

Login Flow

Follow this sequence. If Instacart's UI has changed (e.g. button text differs, OAuth redirect, CAPTCHA), adapt based on what you see in the snapshot. Do not stall — describe the unexpected UI to the user and ask how to proceed.

Aim for ~8 tool calls. Verification email delays or retries may push beyond this — that's fine.

  1. Open INSTACART_URL → get targetId
  2. Snapshot → check for "Log in" button. If no login button, you're already logged in — done.
  3. Click the "Log in" button
  4. Type INSTACART_EMAIL into the email field with --submit
  5. Fetch verification code via gog (see below) — this is one exec call
  6. Snapshot → find the code input field
  7. Type the 6-digit code into the verification field with --submit
  8. Snapshot → confirm logged-in state (account menu visible)

Retrieving the Verification Code

Use gog CLI. This is the only method. Never open Gmail, Yahoo, Outlook, or any email provider in the browser.

gog gmail messages search "from:instacart subject:verification newer_than:10m" \
  --account "\x3CINSTACART_CODE_EMAIL>" --json --max 1

The code is the 6-digit number in the email subject (e.g. "109781 is your Instacart verification code"). Extract it with a regex or from the subject field.

If no results, wait 20 seconds and retry once. If still nothing, ask the user for the code.

What NOT to do during login

  • Do not open Gmail/email in the browser. This wastes 15-20 tool calls on Google's login flow and will fail.
  • Do not insert wait calls between steps. Browser commands already wait for page readiness.
  • Do not snapshot after every click. Only snapshot when you need to discover element refs (steps 2, 6, 8).

Response Style

  • Short, transactional updates.
  • Say what you see on the page and what actions are available.
  • Confirm exactly what changed in the cart after each action.
  • One short question at a time when something is ambiguous.
Usage Guidance
This skill largely does what it says (it drives a browser to place Instacart orders), but before installing you should: (1) inspect any .env or .env.personal file you use and avoid putting unrelated secrets there — ideally provide a dedicated env file with only INSTACART_* values so the skill can read only what it needs; (2) only set INSTACART_CODE_EMAIL if you are comfortable allowing the gog CLI to access that mailbox (use a dedicated mailbox or service account); (3) confirm the openclaw browser profile contains the saved address/payment methods the skill expects so it doesn't prompt for additional sensitive actions; (4) prefer running this skill in an isolated environment (separate agent/user profile) to limit exposure of other credentials; and (5) ask the skill author to clarify and tighten instructions so the agent reads only the required variables (not the entire env file) and to make gog truly optional in the metadata.
Capability Analysis
Type: OpenClaw Skill Name: instacart-skill Version: 0.1.0 The skill is classified as suspicious due to the presence of high-risk capabilities, specifically the `openclaw browser evaluate` command which allows arbitrary JavaScript execution within the browser context, and the agent's instruction to execute `openclaw browser stop` and `start` system commands for self-recovery. While these capabilities are presented with benign intent and strong safety instructions in `SKILL.md` (e.g., 'Never click Place Order / Pay Now without explicit user confirmation'), they represent powerful primitives that could be exploited if the agent's reasoning is compromised or if future modifications introduce vulnerabilities. There is no evidence of intentional malicious behavior like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name, description and required binaries (openclaw for browser automation) align with the stated purpose. The inclusion of the 'gog' CLI in the required binaries is plausible for fetching verification codes but the registry metadata marks it as unconditionally required even though the SKILL.md only needs it if INSTACART_CODE_EMAIL is set — a minor mismatch.
Instruction Scope
The SKILL.md explicitly instructs the agent to read an env file (e.g. .env.personal) and memory/instacart-storefronts.json before opening the browser. It does not strictly constrain the read to only the INSTACART_* variables, which risks exposing other secrets contained in that file. The skill also instructs the agent to fetch verification codes from the user's email using the gog CLI (if INSTACART_CODE_EMAIL is set), and to run local openclaw browser stop/start/status commands if the browser subsystem crashes — all of which are within scope for browser automation but increase the set of sensitive data and local actions the agent will touch.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk during install — low installation risk.
Credentials
Only INSTACART_URL and INSTACART_EMAIL are declared as required env vars (and an optional INSTACART_CODE_EMAIL). However the instructions request reading an env file directly, which can expose unrelated environment variables and secrets if that file contains more than the declared INSTACART_* entries. Requiring the gog binary is reasonable for automated code retrieval but is over-broad if it's listed as always required when it is only used conditionally.
Persistence & Privilege
always is false and the skill does not request modification of other skills or global agent settings. Model invocation is enabled (normal), so the agent could run this skill autonomously when eligible — note this is normal but increases blast radius if combined with other issues.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install instacart-skill
  3. After installation, invoke the skill by name or use /instacart-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the Instacart ordering skill. - Place grocery orders on Instacart using browser automation. - Supports product search, reorder from order history, smart lookback (auto-suggest items based on past cadences), and nightly auto-replenishment summary. - Requires OpenClaw browser and an authenticated Instacart account; optional support for email verification code retrieval via gog CLI. - Includes guidance for storefront mapping, cart management (including clearing cart), reliable browser error recovery, and explicit safety checks before placing orders. - Optimized for minimal latency by batching tool calls and snapshotting only as needed.
Metadata
Slug instacart-skill
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Instacart?

Place grocery orders on Instacart via browser automation. Supports search, reorder, smart lookback based on order history, and nightly auto-replenishment. It is an AI Agent Skill for Claude Code / OpenClaw, with 400 downloads so far.

How do I install Instacart?

Run "/install instacart-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Instacart free?

Yes, Instacart is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Instacart support?

Instacart is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Instacart?

It is built and maintained by bigdaddyluke (@bigdaddyluke); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments