
Kroger Api.Skill

by jasonahorn · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
639 Downloads · 1 Stars · 2 Active Installs · 1 Versions
Install in OpenClaw
/install kroger-api-skill
Description
Search Kroger/QFC products, manage cart, check pickup availability, and create pickup orders using the official Kroger API.
README (SKILL.md)

Kroger/QFC API Skill

Overview

Skill for searching Kroger/QFC products, managing cart, checking pickup availability, and creating pickup orders. Uses official Kroger API. QFC chain ID: 213.

Setup

  1. Sign up at developer.kroger.com, create app.
  2. Add redirect URI e.g. http://localhost
  3. Scopes: product.compact locations.read fulfillment.readwrite orders.pickup.create
  4. Edit state.json: add client_id, client_secret, chain_id: "213"
  5. OAuth:
    • python3 scripts/client.py --state state.json oauth-url
    • Visit URL, login, authorize.
    • Copy code from redirect (e.g. http://localhost?code=ABC123)
    • python3 scripts/client.py --state state.json oauth-exchange ABC123

Usage (via exec)

Run from workspace root:

Search products

python3 kroger-api.skill/scripts/client.py search "milk" --chain-id 213 --limit 5

Output: JSON products with id (UPC), attributes.description, attributes.brand etc.

Find locations

python3 kroger-api.skill/scripts/client.py locations 98101 --chain-id 213

Output: locations with id, attributes.address.addressLine1 etc.

Cart (local)

python3 kroger-api.skill/scripts/client.py cart-add 0001111101001 2  # UPC qty
python3 kroger-api.skill/scripts/client.py cart-get
python3 kroger-api.skill/scripts/client.py cart-clear

Check availability

python3 kroger-api.skill/scripts/client.py availability LOC123 --items '[{"upc":"UPC","quantity":1}]'

Create order

python3 kroger-api.skill/scripts/client.py order-create LOC123 "2026-02-14T10:00:00Z" --items '[{"upc":"UPC","quantity":1}]'

Grocery list integration

Create grocery-list.txt:

milk
bread
eggs

python3 kroger-api.skill/scripts/client.py grocery --zip 98101

Lists items and locations. Agent: for each item, search, pick a UPC (e.g. the first result), add_to_cart, then check availability and order.

Agent Workflow Example

  1. User: "Add milk and eggs to Kroger cart"
  2. Search "milk", pick UPC1, cart-add
  3. Search "eggs", pick UPC2, cart-add
  4. User: "Find QFC near 98101" → locations
  5. Set the location: location-set LOC
  6. cart-get → items
  7. availability → pick slot
  8. order-create with slot time.

State

state.json: tokens, cart, location_id.

Notes

  • Endpoints based on Kroger API docs. Verify at developer.kroger.com/reference
  • UPC from products.id
  • Pickup datetime: ISO 8601 UTC
  • Errors: check API response
  • Token auto-refreshes.

Package as kroger-api.skill/

Usage Guidance
What to consider before installing/using this skill:
  • It is coherent: it uses the official Kroger API endpoints and OAuth as described.
  • Sensitive data handling: you must put client_id and client_secret into state.json and the script will save access/refresh tokens and cart info there in plaintext. Do not commit state.json to version control; store it somewhere secure or use environment-based secrets if preferred.
  • OAuth scopes are powerful (can create pickup orders). Only authorize an app you trust and consider creating a dedicated Kroger developer app with limited access or revoking tokens after testing.
  • Dependencies: ensure Python 3 and the 'requests' package are available; the package does not declare these automatically.
  • Run in an isolated environment (local sandbox, dedicated VM, or container) if you are concerned about side effects. Test with non-production or test credentials first.
  • Verify the redirect URI and the OAuth flow yourself; the script prints the auth URL and performs the token exchange locally.
  • If you want stricter security, modify the code to load credentials from environment variables or a secure store and avoid storing client_secret in repository files.
Overall: this appears benign and does what it claims, but handle credentials and OAuth scopes carefully.
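One way to apply the credential-handling advice above, as an added example that is not the skill's own code. The functions load_state and save_state and the environment variable names KROGER_CLIENT_ID and KROGER_CLIENT_SECRET are hypothetical; the state.json key names are the ones the README lists.

```python
import json
import os
import stat
import tempfile

# Hypothetical environment variable names; the skill itself reads state.json only.
ENV_KEYS = {"client_id": "KROGER_CLIENT_ID", "client_secret": "KROGER_CLIENT_SECRET"}


def load_state(path, env=None):
    """Load state.json, refusing loose permissions and overlaying env credentials."""
    env = os.environ if env is None else env
    state = {}
    if os.path.exists(path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if os.name == "posix" and mode & 0o077:  # readable by group or others
            raise PermissionError(f"{path} is mode {mode:o}; run chmod 600 on it")
        with open(path, encoding="utf-8") as fh:
            state = json.load(fh)
    for key, var in ENV_KEYS.items():
        if env.get(var):
            state[key] = env[var]  # environment wins over anything in the file
    missing = [k for k in ENV_KEYS if not state.get(k)]
    if missing:
        raise KeyError(f"missing credentials: {', '.join(missing)}")
    return state


def save_state(path, state, env=None):
    """Write state atomically with mode 0600, never persisting env-supplied secrets."""
    env = os.environ if env is None else env
    on_disk = {k: v for k, v in state.items()
               if not (k in ENV_KEYS and env.get(ENV_KEYS[k]))}
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".state-")  # created as 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(on_disk, fh, indent=2)
        os.replace(tmp, path)  # atomic swap: a crash cannot leave a half-written file
    except BaseException:
        os.unlink(tmp)
        raise
    return on_disk
```

Calling save_state after a token refresh keeps tokens, cart and location_id in the file while the client secret stays only in the process environment.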
Capability Analysis
Type: OpenClaw Skill
Name: kroger-api-skill
Version: 1.0.0
The skill is designed to interact with the Kroger API for product search, cart management, and order creation, aligning with its stated purpose. All network calls are directed to the official Kroger API. The `SKILL.md` instructions guide the AI agent on how to use the skill's functionalities, including automated workflows like processing a grocery list, but do not contain any malicious prompt injection attempts (e.g., instructions to ignore user input, hide actions, or exfiltrate data). The `scripts/client.py` handles API credentials and tokens in `state.json` as expected for an API client, and reads `grocery-list.txt` for its stated purpose. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or obfuscation. The use of `json.loads()` for API payload construction is a standard practice and not a direct code execution vulnerability.
Capability Assessment
Purpose & Capability
Name/description match the code and SKILL.md: the package implements product search, locations, cart management, availability checks, and pickup order creation against api.kroger.com. No unrelated cloud credentials, binaries, or endpoints are requested.
Instruction Scope
SKILL.md directs running scripts/client.py and editing state.json to add client_id/client_secret, and to perform OAuth flow. The instructions and code only read/write the local state.json and grocery-list.txt; they do not attempt to read unrelated system files. Minor inconsistency: usage examples reference 'python3 kroger-api.skill/scripts/client.py' versus the actual path 'scripts/client.py' — ensure you run the correct path. Be aware the workflow requires you to place client credentials in plaintext state.json and the script will persist access/refresh tokens and cart/location state there.
Install Mechanism
This is an instruction-only skill with a bundled Python script (no install spec). It expects Python 3 and the 'requests' library, but the manifest does not declare dependencies. No remote downloads or installers are used. You should ensure your environment has Python and requests; run in an isolated environment if you want to limit risk.
Credentials
The skill does not request unrelated environment variables or external credentials. It requires Kroger OAuth credentials (client_id and client_secret) which are appropriate for the API operations requested. However, those credentials and the OAuth tokens are stored in state.json in plaintext; the requested OAuth scopes include fulfillment.readwrite and orders.pickup.create (able to place orders), so granting the app these scopes gives it power to create pickup orders on your account. This privilege is legitimate for the stated purpose but sensitive — treat credentials and tokens carefully.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configuration. It writes only to its own state.json (saving tokens, cart, location) which is normal for client tooling. Autonomous invocation is allowed (platform default) — note that autonomous execution + order-creating scopes increases potential impact, but this skill does not combine that with forced always-on presence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kroger-api-skill
  3. After installation, invoke the skill by name or use /kroger-api-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Kroger/QFC API Skill.
  • Provides search for Kroger/QFC products, store locations, and item availability using the official Kroger API.
  • Supports cart management: add, view, and clear items locally.
  • Enables pickup order creation and slot selection.
  • Integrates with grocery lists for streamlined item handling.
  • Includes detailed setup and usage instructions for authentication and API usage.
  • Requires API credentials and OAuth setup via developer.kroger.com.
Metadata
Slug kroger-api-skill
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Kroger Api.Skill?

Search Kroger/QFC products, manage cart, check pickup availability, and create pickup orders using the official Kroger API. It is an AI Agent Skill for Claude Code / OpenClaw, with 639 downloads so far.

How do I install Kroger Api.Skill?

Run "/install kroger-api-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kroger Api.Skill free?

Yes, Kroger Api.Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Kroger Api.Skill support?

Kroger Api.Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Kroger Api.Skill?

It is built and maintained by jasonahorn (@jasonahorn); the current version is v1.0.0.
