ClawHub
Back to skill
v1.0.1

Book Manicure

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

The skill is purpose-aligned for booking manicures, but it can create an external appointment and send personal contact details without an explicit confirmation or scoping instruction.

GuidanceReview this skill before installing. It appears coherent for booking manicures, but you should ensure the agent only books after you explicitly approve the exact provider, service, time, and contact details, and you should be comfortable sending that information to Lokuli and the selected provider.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234" }

The skill exposes a booking action that can create an external appointment using personal contact details, while the provided instructions do not define an explicit user-confirmation step or limits before that action.

User impactThe agent could book a manicure slot or submit contact details to a provider if it proceeds without clearly confirming the final choice with the user.
RecommendationBefore installing or using, require the agent to confirm the salon/provider, service, appointment time, price or cancellation terms, and the exact contact information before calling create_booking.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
MCP Endpoint

```
https://lokuli.com/mcp/sse
```

Transport: SSE | JSON-RPC 2.0 | POST requests

The skill relies on an external MCP service for search, availability, and booking, so user booking details are communicated to a third-party service boundary.

User impactYour name, email, phone number, location or ZIP code, and appointment preferences may be sent to Lokuli or downstream manicure providers as part of normal use.
RecommendationUse only if you are comfortable sharing the required booking information with Lokuli and the selected provider; provide only the minimum contact details needed to complete the booking.