Skill v1.0.1
ClawScan security
Book Barber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:05 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with its stated purpose (finding and booking barbers), but the SKILL.md omits authentication and privacy details so some caution is warranted.
- Guidance: This skill appears to do what it says, but the source is unknown and the instructions omit authentication and privacy details. Before installing or using it: 1) verify the lokuli.com endpoint is legitimate and trustworthy; 2) confirm how the agent is authenticated to the MCP (API key, OAuth, or public API) — the SKILL.md doesn't say; 3) ensure the agent will ask for explicit user consent before sending personal contact info (name/email/phone) to the remote service; 4) test with non-sensitive/dummy data first; and 5) prefer skills from known publishers or with documented auth and privacy behavior. If you cannot confirm how data is protected or authenticated, treat it with caution or avoid enabling it.
Review Dimensions
- Purpose & Capability (ok): Name/description (book barber services) matches the provided runtime instructions: search, check_availability, and create_booking against Lokuli's MCP endpoint. No unrelated binaries, env vars, or installs are requested.
- Instruction Scope (note): Instructions are scoped to calling the Lokuli MCP endpoint via JSON-RPC/SSE and show templates for search/availability/booking. They do include example customer PII (name, email, phone) and a hard-coded zip code sample, and they do not describe consent/confirmation steps or how/when to prompt the user before transmitting personal data to the remote endpoint.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files—nothing is written to disk and no external packages are pulled in.
- Credentials (note): The skill declares no required environment variables or credentials. That is proportionate if the MCP endpoint is public or authentication is handled elsewhere, but the SKILL.md does not explain how the agent authenticates to lokuli.com or whether sensitive user data will be sent unauthenticated.
- Persistence & Privilege (ok): No always:true and no install means the skill does not request elevated persistence or modify agent/system configuration. Autonomous invocation is allowed by default (normal).
