Zepto
by bewithgaurav · v1.0.6
1607 Downloads · 2 Stars · 1 Active Installs · 7 Versions
Install in OpenClaw
/install zepto
Description
Order groceries from Zepto in seconds. Just say what you need, get a payment link on WhatsApp, pay on your phone, done. Remembers your usual items. Works across India where Zepto delivers.
Usage Guidance
What to check before installing/using this skill:
1) WhatsApp sending: verify how payment links are sent. The SKILL.md claims WhatsApp will receive the link, but the repo lacks explicit WhatsApp-sending code — confirm your platform-level WhatsApp channel is configured and that the skill will not ask you to paste credentials or send messages via an untrusted third party.
2) Review scraping behavior: the skill visits your Zepto account order pages and scrapes DOM text. Inspect zepto-parser.js and the scraping steps to ensure only item names and counts are saved. If you have sensitive address or order metadata in those pages, test scraping in a disposable account or profile first.
3) Check local storage: order-history.json is written to your skill directory (~/.openclaw/skills/zepto/). Inspect the file after running and delete it if you don't want a local shopping history. Make sure it doesn't accidentally include addresses/phone numbers.
4) Limit autonomous actions: if you are uncomfortable with the skill acting without an explicit prompt, disable autonomous invocation for this skill in your agent settings (or run it only on-demand). The code contains an agent component capable of performing browser actions.
5) Test in a safe environment: run initial tests with a throwaway Zepto account or in a separate browser profile to observe behavior, and watch for unexpected network activity or captured data.
6) Code review: if you will rely on this skill, have someone with Node/browser-automation familiarity quickly review zepto-agent.js, zepto-ops.js, and zepto-parser.js to validate that only the intended fields are captured and that no hidden network endpoints or credentials are used.
If you can't verify the WhatsApp flow or are unable to confirm the scraper only captures item names, treat the skill with caution.
Capability Analysis
Type: OpenClaw Skill
Name: zepto
Version: 1.0.6
The OpenClaw skill bundle is classified as benign. Its primary function is to automate grocery ordering on Zepto.com using browser automation, which is a powerful but necessary capability for its stated purpose. The skill is transparent about its actions, explicitly disclaims malicious behaviors (e.g., no automatic payments, no external data transmission beyond Zepto.com and WhatsApp, no credential storage, no persistent background jobs), and the code aligns with these statements. Instructions in `SKILL.md` guide the AI agent to follow safe operational procedures, such as always confirming the address and checking the cart, rather than attempting prompt injection for malicious ends. Local file storage for `order-history.json` is disclosed and used for a legitimate 'usuals' feature. While browser JavaScript execution (`browser act request='{"fn":"..."}'`) is a high-risk capability, the provided JavaScript is confined to Zepto.com DOM manipulation for the skill's intended functionality.
Capability Assessment
Purpose & Capability
The skill name/description (Zepto grocery ordering) matches the code and SKILL.md: it automates Zepto via the OpenClaw browser tool and stores a local order history. It requests only browser.enabled (expected). However, SKILL.md/README claim it will "send payment links via WhatsApp" but the included codebase does not contain an explicit WhatsApp API integration or code that clearly constructs/sends WhatsApp messages; the README relies on a pre-configured WhatsApp channel at the platform level. This is plausible but not implemented in the repo — an implementation gap the user should verify.
Instruction Scope
The runtime instructions and code perform DOM scraping of the user's Zepto account pages (visiting delivered order URLs and extracting lines of text) and then write aggregated data to a local file ({SKILL_DIR}/order-history.json). While extracting item names is the stated purpose, the scraper visits full order pages and could inadvertently capture additional personal data (addresses, order metadata) unless the extraction is strictly filtered. The SKILL.md/SECURITY.md assert only item names are stored, but that guarantee depends on the scraper's correctness — the scraping instructions are broad and could capture more than claimed.
Install Mechanism
There is no install spec (instruction-only install) — the code runs using Node.js and the OpenClaw browser tool already present. No remote downloads or external install URLs are present. That lowers surface risk; however the package contains executable agent code (zepto-agent.js, zepto-ops.js) which will be run locally and can control the browser and write files.
Credentials
The skill requests no environment secrets and only needs browser.enabled, which is appropriate for a browser automation skill. However, browser control is a high-scope permission: any skill with browser access can interact with arbitrary sites the logged-in user has sessions for (cookies, other services). The declared lack of credential access (no OTP storage, no payment storage) is reasonable, but you must trust that the skill's scraping and parsing logic won't capture or persist extra sensitive info from pages.
Persistence & Privilege
The skill is not marked always:true and does not request background cron jobs; the PUBLISH_CHECKLIST and SECURITY.md assert no persistent background jobs. However, the repo includes an autonomous executor (zepto-agent.js described as "Autonomous Task Executor") and the platform default allows model invocation. That means the skill, if the model or agent is permitted, could run these browser actions autonomously. This is expected for skills but increases blast radius; if you don't want autonomous browser actions, consider disabling model invocation for this skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install zepto
- After installation, invoke the skill by name or use /zepto
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
Added programmatic address selection with fuzzy matching. Use 'node zepto-agent.js select-address <name>' to switch addresses easily.
v1.0.5
Improved: Much better description with real examples. Clear, concise, user-friendly. Shows actual usage and highlights 30-second ordering flow.
v1.0.4
Security: Completely removed ALL cron job functionality. Order verification only on explicit user 'DONE' message. Payment message now explicitly asks user to inform when paid.
v1.0.3
Security: Removed cron jobs, added SECURITY.md, removed all personal data. Improved: Address confirmation mandatory, smart cart clearing, payment verification. Fixed: Cart persistence after payment.
v1.0.2
Improved: Address confirmation mandatory, smart cart clearing, payment verification. Fixed: Cart persistence.
v1.0.1
- Added detailed documentation files: ARCHITECTURE.md, functions.md, ZEPTO_AUTH.md, LEARNINGS.md, PROGRESS.md, and NO-SCREENSHOTS.md.
- Introduced order-history.json and scraper.js to enable automated retrieval and tracking of Zepto order history.
- Added capabilities.js and auto-scrape.sh for feature extensibility and automation.
- SKILL.md updated with streamlined instructions and enhanced modularization.
- Overall improvement in codebase organization for maintainability and onboarding.
v1.0.0
Zepto Skill v1.0.0
- Introduces full Zepto automation: login/authentication, address selection, smart grocery shopping with personalized recommendations, and payment link creation.
- Automated order history scraping to track and prioritize your most-ordered items for recommendations and "add to cart" actions.
- Step-by-step conversation flows for authentication, address confirmation, shopping, and payment—optimized for typical Zepto workflows.
- Smart selection: If you’ve ordered an item 2+ times, it’s auto-picked; otherwise, you’re shown the best options for manual choice.
- Order history can be updated on demand via web automation, keeping recommendations fresh and accurate.
- Supports "explore" and "discovery" shopping scenarios, with browsing and category navigation built in.
Frequently Asked Questions
What is Zepto?
Order groceries from Zepto in seconds. Just say what you need, get a payment link on WhatsApp, pay on your phone, done. Remembers your usual items. Works across India where Zepto delivers. It is an AI Agent Skill for Claude Code / OpenClaw, with 1607 downloads so far.
How do I install Zepto?
Run "/install zepto" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Zepto free?
Yes, Zepto is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Zepto support?
Zepto is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Zepto?
It is built and maintained by bewithgaurav (@bewithgaurav); the current version is v1.0.6.