Skill v1.0.1
ClawScan security
Book Cake · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only booking helper for a Lokuli MCP endpoint that requests no credentials, binaries, or installs and is internally consistent with its stated purpose; minor implementation/operational notes below.
- Guidance: This skill appears internally consistent and low-risk because it is instruction-only and requests no credentials. Before installing or using it: (1) confirm that the MCP endpoint (https://lokuli.com/mcp/sse) is a trusted service you want to send customer data to, (2) ensure the agent prompts you to confirm customer name, email, phone, date/time, and payment details before calling create_booking (the SKILL.md provides examples but no user-consent flow), and (3) verify how cancellations, errors, and sensitive-data handling are surfaced to you. If you require provenance, request the publisher/homepage or additional documentation for Lokuli before relying on automated bookings.
Review Dimensions
- Purpose & Capability (ok): Name and description (book cake via Lokuli MCP) match the SKILL.md contents: the doc provides an MCP endpoint and JSON-RPC tool call templates for searching, checking availability, and creating bookings. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope (note): SKILL.md stays within booking scope (search, check_availability, create_booking) and does not instruct reading system files or unrelated environment variables. However, the instructions are minimal: example payloads include hard-coded sample zip, dates, and customer data, but the doc does not explicitly say how to collect/confirm user details, consent, or payment info before calling create_booking; this is an operational gap the integrator/agent should handle.
- Install Mechanism (ok): No install spec and no code files are present (instruction-only). This is the lowest-risk case from an installation perspective: nothing is written to disk or downloaded by the skill itself.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. That aligns with the simple JSON-RPC templates shown; no excessive or unrelated secrets are requested.
- Persistence & Privilege (ok): always is false and the skill does not request modification of other skills or system-wide agent settings. It can be invoked autonomously by the agent (platform default), which is expected for a service-integration skill.
