Skill v1.0.1

ClawScan security

Book Lashes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 11, 2026, 9:06 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and instructions are consistent with its stated purpose (booking eyelash services via Lokuli's MCP endpoint), but it will send user contact data to an external service and the SKILL.md is minimal and lacks privacy/consent guidance.
Guidance
This skill appears to do what it says: call Lokuli's MCP to search and create lash bookings. Before installing or using it, consider: (1) it will send personal contact data (name, email, phone) to https://lokuli.com — verify you trust that destination and its privacy practices; (2) the SKILL.md doesn't require or show explicit user consent/confirmation steps, so ensure the agent asks the user to confirm any PII and booking details before sending; (3) example payloads include hardcoded zip code/date values — verify the agent will use the user's actual location and desired times; (4) the skill has no listed homepage or source owner info, so if provenance matters to you, seek more information from the publisher before enabling.

Review Dimensions

Purpose & Capability
ok
Name/description (book lashes via Lokuli MCP) match the instructions: the SKILL.md points at a Lokuli MCP endpoint and provides JSON-RPC 'tools/call' payloads for search, availability check, and creating bookings. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
note
Instructions are narrowly scoped to calling the Lokuli MCP SSE endpoint using JSON-RPC and include example payloads. However, the SKILL.md does not instruct how to gather or confirm the user's customerName/customerEmail/customerPhone (these appear in the booking payloads) or obtain user consent before sending personal data. Some example values (hardcoded zipCode and dates) are present and would need to be replaced with user-provided data.
Install Mechanism
ok
Instruction-only skill with no install spec and no files to write or execute; therefore low install risk.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. The lack of credential requests is coherent with demonstrated behavior (no auth tokens shown).
Persistence & Privilege
ok
always is false and there is no indication the skill modifies other skills or requires persistent system presence. Autonomous invocation is allowed (platform default) but not combined with other escalation indicators.