Book Auto Body
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: book-auto-body Version: 1.0.1 The skill defines tools in SKILL.md that make external network calls to `https://lokuli.com/mcp/sse` and handle personally identifiable information (PII) such as customer name, email, and phone number for booking services. While these actions align with the stated purpose, they represent high-risk capabilities (external network access and PII handling) without explicit malicious intent, classifying it as suspicious. A minor typo in the SKILL.md title (`# uook auto uody`) is also present.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A booking could be made with an auto-body provider if the agent proceeds to the create_booking step.
The skill documents a tool that can create a real appointment, which is aligned with the booking purpose but should be treated as an action requiring explicit user confirmation.
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00"Confirm the provider, service, time slot, contact details, and any cancellation or cost implications before allowing the booking call.
Your name, email, phone number, ZIP code, and selected appointment details may be shared with Lokuli and/or the service provider to complete the booking.
The booking workflow includes sending personal contact information through the external Lokuli MCP service; this is purpose-aligned but privacy-relevant.
"customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Only provide contact details you are comfortable sharing with the booking service, and verify the external service is one you trust.
You have limited information to verify who maintains the skill or the external MCP service it points to.
The artifact provides no source repository or homepage for independent provenance review, although there is also no local code or install package.
Source: unknown; Homepage: none
Use this skill only if you trust the listed Lokuli endpoint, and prefer skills with clear publisher and homepage information for sensitive bookings.