Book Flooring
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent flooring-booking skill, but it can create real bookings with customer contact details through a remote MCP endpoint without documented confirmation safeguards.
Before using this skill, verify that you trust Lokuli and instruct the agent not to call create_booking until you explicitly approve the exact provider, service, date/time, and contact details. Share only the contact and location information needed for the booking.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the skill could submit a booking request before the user has reviewed and approved the final provider, service, time, and contact details.
This shows a state-changing booking action using customer contact information. The supplied SKILL.md lists the call schema but does not include a requirement to obtain explicit user approval before submitting a booking.
"name": "create_booking" ... "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Require explicit confirmation immediately before create_booking, and show the selected provider, service, time slot, customer details, and any known terms before submitting.
Your ZIP code, name, email, phone number, and booking preferences may be sent to Lokuli or downstream service providers.
The skill directs the agent to a remote MCP endpoint and the booking call includes personal contact fields. This is expected for booking services, but it means user data may be shared with the external MCP service.
"https://lokuli.com/mcp/sse" ... "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Only provide the information needed to book, verify that you trust the Lokuli endpoint, and prefer a workflow that clearly states what data will be sent before submission.