Skill v1.0.1
ClawScan security
Book Bartender · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 11, 2026, 9:06 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions broadly match a booking purpose, but it will transmit user personal data to an external MCP endpoint with no auth/ownership details, uses hardcoded example inputs, and omits important operational details — this mismatch warrants caution.
- Guidance
- This skill appears to implement bartender booking via Lokuli's MCP and will send personal data (name, email, phone, location) to https://lokuli.com/mcp/sse. Before installing or enabling it, verify the service owner (homepage or contact), confirm how authentication is handled (the SKILL.md provides no auth or token requirements), ensure you and your users consent to sending PII to that domain, and ask the author to remove hardcoded example data and explain how providerId/serviceId are resolved. If you cannot verify Lokuli's legitimacy or how credentials are managed, treat the skill with caution or avoid installing it.
Review Dimensions
- Purpose & Capability
- note: Name/description match the instructions: the SKILL.md describes searching and creating bookings via Lokuli's MCP. Requiring external JSON-RPC calls to a booking MCP is coherent with the stated purpose. However, the SKILL.md contains hardcoded example parameters (zipCode 90640, sample customer info) and placeholder IDs (xxx/yyy) instead of describing how real credentials/IDs are obtained, which reduces clarity about how the capability will function in practice.
- Instruction Scope
- concern: Runtime instructions send customer-identifying data (name, email, phone, zip code) to an external endpoint (https://lokuli.com/mcp/sse). The skill does not document authentication, consent, or data handling; it also hardcodes a zip code and example dates/times (some are in the past). The instructions are permissive about sending PII to an external service and leave critical details (how providerId/serviceId are resolved, how to obtain user consent) unspecified.
- Install Mechanism
- ok: Instruction-only skill; no install spec, no downloads, and no code files. This minimizes installation risk because nothing is written to disk by an installer.
- Credentials
- concern: The skill declares no required environment variables or credentials but calls an external MCP endpoint that likely requires authentication in real use. The lack of declared auth, tokens, or guidance about where provider IDs come from is disproportionate: either the platform is expected to mediate calls (not documented) or credentials are omitted. Also, sending user PII externally without describing consent or privacy handling is a proportionality concern.
- Persistence & Privilege
- ok: always is false and the skill does not request to persist or modify other agent/system configurations. It does not request elevated platform presence.
