Skill v1.0.1

ClawScan security

Book Catering · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:06 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and network calls match its stated purpose (booking via Lokuli's MCP) and it doesn't request extra credentials or system access, but some minor transparency gaps (no homepage, unknown source, sample hard-coded values) merit caution.
Guidance
This skill appears to do what it says—call Lokuli's MCP to search and create catering bookings—and it doesn't request local credentials or installs. Before enabling it, confirm you trust the destination domain (https://lokuli.com) because booking actions will send customer details (name, email, phone) to that external endpoint. Also ask the publisher how authentication is handled (the skill provides no env vars or token requirements). If you plan to use real user data, ensure the agent will prompt you to confirm or replace the example placeholders rather than sending them as-is. If the skill's source or homepage remains unknown, prefer caution or run it with limited test data first.

Review Dimensions

Purpose & Capability
note: The name/description map to the SKILL.md: it targets Lokuli's MCP endpoint and provides JSON-RPC payloads for searching, checking availability, and creating bookings. One noteworthy mismatch: the skill declares no credentials or auth mechanism even though booking APIs often require authentication; this may be intentional (public API or auth handled by the platform) but is unexplained.
Instruction Scope
ok: The instructions are narrowly scoped to calling the Lokuli MCP SSE endpoint with specific JSON-RPC tool calls (search, check_availability, create_booking). They do not instruct reading local files, environment variables, or unrelated system state. The SKILL.md includes placeholder/hardcoded sample values (zip code, dates, customer info) that the agent must replace with actual user data.
Install Mechanism
ok: No install spec and no code files — instruction-only — so nothing is written to disk. This is the lowest-risk install model.
Credentials
note: The skill requests no environment variables or credentials. That is proportionate if Lokuli's MCP accepts unauthenticated requests or the platform supplies auth elsewhere, but it's unusual for a booking integration and worth confirming. The SKILL.md does send customer-identifying fields (name, email, phone) to an external endpoint (lokuli.com).
Persistence & Privilege
ok: always is false and the skill is user-invocable only. It does not request persistent system changes or elevated privileges.