Skill v1.0.1
ClawScan security
Book Color · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:06 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (finding and booking 'color' services via Lokuli's MCP endpoint) and it makes no disproportionate environment or install requests, but the publisher and authentication details are missing so exercise caution before sending personal data.
- Guidance: This skill appears to do what it says (call Lokuli's MCP to search and create bookings), but before installing consider: (1) the publisher/source is unknown and there is no homepage—verify you trust 'lokuli.com' and the skill owner; (2) the SKILL.md will send user contact details (name, email, phone) to https://lokuli.com/mcp/sse — confirm you are happy transmitting PII to that endpoint; (3) the skill provides no authentication or API-key instructions — if the service requires credentials the skill may prompt you for them or fail; (4) if you enable autonomous invocation, the agent could initiate bookings on your behalf, so prefer manual invocation until you confirm behavior. If you need higher assurance, ask the publisher for an official README, privacy policy, and example of the auth flow before installing.
Review Dimensions
- Purpose & Capability (ok): Name/description align with the runtime instructions: the SKILL.md shows JSON-RPC calls to Lokuli's MCP for searching, checking availability, and creating bookings. There are no unrelated binaries, env vars, or paths requested.
- Instruction Scope (note): Instructions are narrowly scoped to calling the Lokuli MCP endpoint and invoking three tool RPCs (search, check_availability, create_booking). However, the create_booking example includes personal contact fields (name, email, phone) and the spec does not document consent, data handling, or what data will be transmitted — the agent will be expected to send user PII to https://lokuli.com/mcp/sse when used.
- Install Mechanism (ok): No install steps or code files are provided (instruction-only skill), so nothing is downloaded or written to disk by the installer.
- Credentials (note): The skill declares no environment variables or credentials. That is consistent only if Lokuli's MCP accepts unauthenticated requests; the SKILL.md provides no auth or API-key guidance. Absence of auth details is a potential gap (either the service is public, or required credentials are unlisted).
- Persistence & Privilege (ok): The skill is not force-included (always:false) and does not request elevated privileges or modify other skills. Autonomous invocation is allowed by platform default, which is expected for a user-invocable tool.
