Skillv1.0.1

ClawScan security

Book Dog Walker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 11, 2026, 9:06 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (finding and booking dog-walkers via Lokuli MCP) matches its instructions and has no surprising installs or requested credentials, but the SKILL.md is incomplete (no auth details) and has small inconsistencies that reduce confidence.
Guidance: This skill appears to do what it says and doesn't request unusual permissions, but the runtime instructions are incomplete. Before installing or using it: 1) Confirm the lokuli.com endpoint is legitimate (verify domain and privacy policy). 2) Determine how authentication/authorization should be provided (API key, user OAuth, headers) — the SKILL.md does not describe this. 3) Expect to provide personal data (name, email, phone) when creating bookings; ensure you have user consent and understand where that data is sent. 4) Verify the agent's 'tools/call' mappings and any headers the agent will attach so bookings or payments are not sent anonymously. 5) Test with dummy data first (no real payment or private info). The minor SSE/POST wording inconsistency suggests the author may have left implementation details unspecified — treat this skill as functional but incomplete rather than malicious.

Purpose & Capability: okName/description describe booking dog-walkers and the instructions provide RPC-style search, availability check, and booking calls against a Lokuli MCP endpoint. There are no unrelated binaries, environment variables, or installs requested.
Instruction Scope: noteInstructions narrowly describe sending JSON-RPC-style calls (search, check_availability, create_booking) to a Lokuli MCP SSE endpoint and include example parameters. They do not instruct reading local files or unrelated environment variables. However, the SKILL.md omits any authentication/authorization or header requirements and contains a minor transport inconsistency (labels endpoint as SSE but says POST requests), so the runtime behavior is underspecified.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing will be written to disk by the skill itself.
Credentials: okThe skill requests no environment variables or credentials. That is proportionate to the declared metadata, but may be unrealistic in practice—booking endpoints commonly require API keys or user authentication, and the SKILL.md provides no guidance for that.
Persistence & Privilege: okalways:false and no install/persistence actions. The skill does not request elevated or persistent privileges or attempt to modify other skills or system configuration.