Book Color

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill is a simple, purpose-aligned Lokuli booking connector, but it may send your contact details to a third-party MCP endpoint and create an appointment.

This appears safe to use for its stated purpose, but treat the final booking step like any real appointment request: verify the provider, time, service, and contact details before confirming, and only share personal information you are comfortable sending to Lokuli.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

The agent could create a real appointment if the user proceeds with booking details.

Why it was flagged

The skill exposes a tool that can create an external service booking. This is aligned with the skill's stated purpose, but it is a user-impacting action that should be performed only after confirming the provider, service, time, and contact details.

Skill content

"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00"

Recommendation

Confirm the provider, service, date/time, and any cancellation or fee terms before allowing the final booking call.

Low

#ASI07: Insecure Inter-Agent Communication

What this means

Your name, email, phone number, location/search terms, and appointment choices may be sent to Lokuli or its providers.

Why it was flagged

The skill documents an external MCP endpoint and a booking payload containing customer contact information. This data sharing is expected for booking, but it sends personal information to a third-party service.

Skill content

https://lokuli.com/mcp/sse ... "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"

Recommendation

Share only the contact information needed for the booking and review the service's privacy expectations if sensitive.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

It may be harder to verify who maintains the skill or the external service it connects to.

Why it was flagged

The artifact does not provide a source repository or homepage for independent verification. There is no local code or install script, so this is a provenance note rather than evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none

Recommendation

Use it only if you trust the Lokuli endpoint and are comfortable sharing booking details with that service.