Skillv1.0.1

ClawScan security

Book Landscaper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:06 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (finding and booking landscapers) matches the actions shown, but the instructions contain ambiguous/missing authentication details and hard-coded sample data that could cause accidental data leakage or misuse.
Guidance: This skill appears to implement search/check/create booking flows, but it has gaps you should resolve before installing: 1) Verify the lokuli.com endpoint and the publisher (no homepage or trusted owner metadata provided). 2) Ask whether Lokuli MCP requires API keys or authentication — the SKILL.md provides no auth guidance. 3) Ensure the agent will always prompt the user to supply and confirm personal details (name, phone, email, zip code) rather than using the hard-coded examples; otherwise you risk accidental data submission. 4) Confirm what data is sent to lokuli.com and whether you are comfortable with that external transmission. 5) Prefer a skill that documents required authorization, error handling, and an explicit user confirmation step before creating bookings. If these questions are unanswered, treat the skill as untrusted and avoid enabling autonomous booking actions.

Review Dimensions

Purpose & Capability: noteThe name/description match the documented operations (search, check_availability, create_booking). The skill does not request unrelated credentials or system access, which is proportionate. However, the SKILL.md includes a hard-coded zip code (90640) and example customer data (John Doe, john@example.com, +1...) that are test artifacts and not justified by the description.
Instruction Scope: concernThe instructions reference an MCP endpoint (https://lokuli.com/mcp/sse) and describe JSON-RPC/SSE transport but provide no authentication or authorization guidance. The 'Tools' section shows JSON payloads (via a 'tools/call' wrapper) with sample values — there are no explicit runtime steps telling the agent to prompt the user for their real name, email, phone, zip code, or to confirm substitutions. This omission could lead to it sending default/test personal data or submitting bookings without explicit user-provided details/consent.
Install Mechanism: okInstruction-only skill with no install spec or code files; nothing is written to disk. This is the lowest install risk.
Credentials: noteThe skill declares no environment variables or credentials. That is reasonable if Lokuli MCP accepts unauthenticated requests, but unusual for a booking service which commonly requires auth. The lack of declared credentials or guidance on required API keys/tokens is an ambiguity worth clarifying.
Persistence & Privilege: okSkill is not always-enabled, does not request config paths, and does not declare elevated privileges. Autonomous invocation is allowed (platform default) but not combined here with other high privileges.