Skill v1.0.1

ClawScan security

Book Moving · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:06 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
Instruction-only skill that appears to do what it says (search and book moving services via Lokuli's MCP endpoint). It requests no installs and no extra credentials, but normal use transmits user PII (name, email, phone) to an external service, and the SKILL.md omits any authentication details.
Guidance
This skill is instruction-only and matches its stated purpose, but before installing:
(1) Verify that the external endpoint (https://lokuli.com) is the legitimate provider and review its privacy and security policy.
(2) Confirm how authentication is supposed to work. If Lokuli requires an API key or account credentials, establish how they are supplied and whether the agent would fall back to any existing global secrets.
(3) Be aware that every booking sends personal data (name, email, phone) to a third party; do not send real customer data until you trust the endpoint.
(4) Test with dummy data first and confirm, by inspecting the outbound requests, that the agent sends only the declared fields and no extra context or local files.
(5) If you need stronger assurance, ask the skill author to add explicit auth handling and a privacy note to SKILL.md.
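Guidance items (1), (3) and (4) amount to a dry run that can be scripted. The block below is an added example written for this page, not code from the skill, ClawHub or Lokuli. Only the endpoint https://lokuli.com and the three customer fields (customerName, customerEmail, customerPhone) come from the scan; the tool name create_booking, the /mcp path, the serviceId and slot fields and the secret-marker list are assumptions for illustration. It builds the MCP JSON-RPC 2.0 tools/call request the agent would send, checks that the target is HTTPS to the declared host, flags any argument the SKILL.md does not declare, and scans string values for key- or path-like content, without sending anything.

```python
import json
from urllib.parse import urlparse

# Endpoint declared in the skill (from the scan). Tool and field names other
# than the three customer fields are assumptions, not Lokuli's documented API.
DECLARED_ENDPOINT = "https://lokuli.com"
ALLOWED_BOOKING_FIELDS = {"serviceId", "slot", "customerName", "customerEmail", "customerPhone"}

# Constructed placeholder values for a dry run; no real person is involved.
DUMMY_CUSTOMER = {
    "customerName": "Test User",
    "customerEmail": "test@example.com",
    "customerPhone": "+10000000000",
}

# Substrings that should never appear in a booking request: key material,
# bearer tokens, cloud access keys, and local filesystem paths.
SUSPECT_MARKERS = ("-----BEGIN", "AKIA", "Bearer ", "sk-", "/home/", "/Users/", "C:\\")


def build_tool_call(request_id, tool_name, arguments):
    """Build an MCP tools/call request (MCP carries tool invocations over JSON-RPC 2.0)."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool_name, "arguments": dict(arguments)},
    }


def check_endpoint(url, declared=DECLARED_ENDPOINT):
    """Return problems if the target is not HTTPS to the declared host (catches look-alike hosts)."""
    target, expected = urlparse(url), urlparse(declared)
    problems = []
    if target.scheme != "https":
        problems.append(f"scheme {target.scheme!r} is not https")
    if target.hostname != expected.hostname:
        problems.append(f"host {target.hostname!r} differs from declared {expected.hostname!r}")
    return problems


def audit_arguments(arguments, allowed=ALLOWED_BOOKING_FIELDS):
    """Return argument keys the SKILL.md does not declare; anything here is extra context leaving the host."""
    return sorted(set(arguments) - allowed)


def scan_for_secrets(payload):
    """Return (json_path, marker) pairs for string values that look like secrets or local paths."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        elif isinstance(node, str):
            for marker in SUSPECT_MARKERS:
                if marker in node:
                    hits.append((path, marker))

    walk(payload, "$")
    return hits


def dry_run(url, tool_name, arguments):
    """Apply all three checks to a request and return the findings instead of sending it."""
    request = build_tool_call(1, tool_name, arguments)
    return {
        "endpoint": check_endpoint(url),
        "unexpected_fields": audit_arguments(request["params"]["arguments"]),
        "secret_like_values": scan_for_secrets(request),
        "wire_bytes": len(json.dumps(request).encode()),
    }
```

Run the same checks against the requests captured from the real agent (for example from a logging proxy placed in front of the endpoint) rather than only against hand-built ones; the point of step (4) is to see what the agent actually emits, and an empty findings dict on the clean request above only shows the checks themselves work.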

Review Dimensions

Purpose & Capability
ok · Skill name and description match the instructions: JSON-RPC calls to Lokuli's MCP endpoint for searching, checking availability, and creating bookings. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
note · Instructions are narrowly scoped to calling the specified MCP endpoint with JSON-RPC. The documented request fields include user PII (customerName, customerEmail, customerPhone), which is sent to https://lokuli.com. The SKILL.md does not instruct the agent to read local files or system credentials.
Install Mechanism
ok · No install spec and no code files; the skill is instruction-only, which minimizes disk-write risk.
Credentials
note · The skill declares no required credentials or env vars. That is consistent only if the MCP endpoint is unauthenticated or authenticates implicitly. If Lokuli requires an API key or token, the omission is an operational gap (not necessarily malicious) and could lead the agent to reach for other ambient credentials unexpectedly. The skill also transmits PII as part of the normal booking flow; this is expected for its purpose but worth noting.
Persistence & Privilege
ok · always is false, there is no install, and no modifications to other skills or agent-wide settings are indicated. The skill does not request permanent presence or elevated privileges.