Book Makeup
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit an appointment request with your name, email, and phone number if you ask it to book.
The documented MCP tool can create a booking using a selected time and customer contact details. This is aligned with the skill purpose, but it is a real-world mutation that should be user-approved.
"name": "create_booking" ... "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Only allow the booking call after you have reviewed and approved the provider, service, date/time, price or cancellation terms, and contact details.
Your search location and booking contact details may be sent to Lokuli's MCP service.
The skill directs the agent to communicate with an external MCP server, and the booking example includes personal contact fields. This is expected for a booking integration but means data leaves the agent environment.
https://lokuli.com/mcp/sse ... Transport: SSE | JSON-RPC 2.0 | POST requests
Share only the information needed to complete the booking and verify you trust the Lokuli service before submitting personal details.
You have limited registry-provided information for verifying who maintains the skill or its remote MCP integration.
The registry does not provide a source repository or homepage for independent provenance checks. There is no local code to install, so this is a provenance note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Use the skill only if you are comfortable with the listed Lokuli endpoint and avoid sharing unnecessary personal information.