Book Facial
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is coherent, but it can create real bookings and send personal contact details to an external MCP service without clear instructions to get final user confirmation.
Before installing, make sure you are comfortable with an external booking service receiving your name, email, phone number, location, and appointment preferences. Ask the agent to confirm all appointment details and wait for your explicit approval before it creates any booking.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could book an appointment that affects the user and the provider before the user has explicitly reviewed all details.
The skill documents a tool that can create an appointment using user contact information, but the instructions do not define a required confirmation step or limits for high-impact booking actions.
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234" }Require the agent to show the provider, service, time, price if available, contact details, and cancellation terms, then obtain explicit user confirmation before calling create_booking.
Personal contact details may be transmitted to Lokuli and potentially to the selected service provider as part of the booking process.
The skill routes booking operations through a third-party MCP endpoint and includes personal contact fields. This is purpose-aligned, but users should understand what data is sent externally.
MCP Endpoint: https://lokuli.com/mcp/sse ... create_booking ... "customerName", "customerEmail", "customerPhone"
Only provide the minimum necessary contact information and confirm that the user agrees to send it to the booking service before proceeding.