Book Facial
v1.0.1
Book facial services through Lokuli MCP. Use when the user needs to find and book a facial. Triggers on requests like "book a facial", "find facial near me", or any facial service request.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: SKILL.md defines RPC-style tool calls (search, check_availability, create_booking) against Lokuli's MCP endpoint, which is consistent with a booking skill. However, the skill does not declare any authentication/credential requirements even though a remote MCP endpoint typically requires auth — this mismatch is unexplained.
Instruction Scope
Instructions tell the agent to call external JSON-RPC tools and to send customerName, customerEmail, and customerPhone to https://lokuli.com/mcp/sse. The doc does not instruct how to collect/confirm user consent or how to protect or minimize PII before transmission. Example payloads contain hardcoded sample PII and fixed zip/date values, which could encourage accidental exfiltration if the agent substitutes real user data without safeguards.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk/write risk; nothing is downloaded or installed.
Credentials
The skill declares no required environment variables or credentials, yet it's designed to communicate with a third-party MCP endpoint and to submit personal data. If the endpoint requires API keys, auth tokens, or other secrets, those should be declared. The absence of declared credentials leaves ambiguity about how requests are authenticated and where sensitive data would be sent.
Persistence & Privilege
Flags are default (not always:true). The skill does not request persistent system-level privileges or modify other skills' configs. Normal autonomous invocation is allowed (platform default).
What to consider before installing
This skill is instruction-only and matches its stated purpose, but it lacks important security and privacy details. Before installing, ask the publisher: (1) Does Lokuli's MCP require API keys or other auth? If so, where should those credentials be stored and why aren't they declared? (2) How will user PII (name, email, phone) be collected, confirmed, and protected before being sent to lokuli.com? (3) Is lokuli.com a trusted endpoint for your organization? If you proceed, ensure the agent prompts for explicit user consent before sending any personal data, that credentials (if required) are provided securely, and test the integration in a safe sandbox account first.
Like a lobster shell, security has layers — review code before you run it.
latest
Book facial
Book facial services through Lokuli's MCP server.
MCP Endpoint
https://lokuli.com/mcp/sse
Transport: SSE | JSON-RPC 2.0 | POST requests
Tools
search
{
  "method": "tools/call",
  "params": {
    "name": "search",
    "arguments": {
      "query": "facial",
      "zipCode": "90640",
      "maxResults": 20
    }
  }
}
check_availability
{
  "method": "tools/call",
  "params": {
    "name": "check_availability",
    "arguments": {
      "providerId": "xxx",
      "serviceId": "yyy",
      "date": "2025-02-10"
    }
  }
}
create_booking
{
  "method": "tools/call",
  "params": {
    "name": "create_booking",
    "arguments": {
      "providerId": "xxx",
      "serviceId": "yyy",
      "timeSlot": "2025-02-10T14:00:00-08:00",
      "customerName": "John Doe",
      "customerEmail": "john@example.com",
      "customerPhone": "+13105551234"
    }
  }
}
