Book Battery
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: book-battery Version: 1.0.1 The skill bundle defines tools for booking battery services through an external endpoint at `https://lokuli.com/mcp/sse`. All defined actions (search, check availability, create booking) are directly aligned with the stated purpose. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent in `SKILL.md`. The external network interaction is a core part of the skill's functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could potentially create a service booking or share the user's contact details before the user has clearly approved the final provider and time.
This shows the skill exposes a booking action that can submit personal contact details and create an appointment; SKILL.md does not include an explicit user-confirmation, cost-review, or cancellation safeguard before that action.
"name": "create_booking" ... "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Require explicit user confirmation immediately before create_booking, including provider, service, time, contact details, price or fees if available, and cancellation terms.
Name, email, phone number, ZIP code, and booking preferences may be shared with the remote provider as part of normal booking.
The skill discloses a remote MCP endpoint and booking payload fields that include personal contact information, so user data would be sent outside the local agent to Lokuli's service.
https://lokuli.com/mcp/sse ... "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Only send user-provided contact information after consent, and tell users that the details will be transmitted to Lokuli or its booking providers.
Users have limited provenance information for assessing who maintains the skill or validating the remote booking service beyond the disclosed endpoint.
The skill is instruction-only, but the registry metadata does not provide a source repository or homepage to independently verify the remote integration.
Source: unknown Homepage: none
Prefer a version with a verifiable homepage or source link, and confirm that lokuli.com is the intended service before using it for bookings.