Skill v1.0.0
ClawScan security
Book Beauty · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:05 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions align with its stated purpose (booking beauty services), but it will transmit customer contact data to an external MCP endpoint (lokuli.com) and does not declare how authentication or consent is handled — verify trust and privacy before use.
- Guidance: This skill appears to do what it says (find and book beauty services), but before installing consider: (1) The SKILL.md will send personal data (name, email, phone) to https://lokuli.com — confirm that Lokuli is a trusted service and that the platform will supply any needed API credentials. (2) The skill does not describe authentication or data handling/consent; ask the publisher how customer data and checkout links are protected and where booking links point. (3) If you have privacy concerns, avoid providing real PII during testing, and require explicit user consent before creating bookings. If the source/publisher is unknown or unverifiable, treat the skill cautiously.
Review Dimensions
- Purpose & Capability (ok): Name/description (book beauty services) match the SKILL.md workflow and the provided JSON-RPC tool calls (search, check_availability, create_booking). The listed service types and steps are coherent with a booking skill.
- Instruction Scope (note): The instructions explicitly direct the agent to interact with an external MCP endpoint (https://lokuli.com/mcp/sse) using SSE/JSON-RPC and to call create_booking with customerName, customerEmail, and customerPhone. This is expected for making bookings, but it means the agent will transmit personal data to an external service; the SKILL.md does not describe authentication, consent handling, or where generated checkout links point.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest-risk delivery method. Nothing is written to disk by the skill itself.
- Credentials (note): The skill declares no required environment variables or credentials, yet it calls an external MCP endpoint. Either the platform provides the necessary auth, or the SKILL.md is incomplete. Also, it expects to send personal customer data (name, email, phone) which is proportionate to booking functionality but requires privacy consideration.
- Persistence & Privilege (ok): always is false and model invocation is allowed (default). The skill does not request persistent system-level privileges, nor does it attempt to modify other skills or system-wide config in the instructions.
