Skill v1.0.1

ClawScan security

Book Nails · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:06 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions match its stated purpose (finding and booking nail services via Lokuli MCP); nothing requested is disproportionate, but verify external-network behavior and where authentication comes from before use.
Guidance
This skill appears to be what it says: it prepares JSON-RPC calls to Lokuli's MCP to search and create nail-service bookings. Before installing or enabling it, confirm: (1) whether your platform will supply any needed Lokuli credentials (the SKILL.md does not mention API keys or auth), (2) that you trust the external endpoint https://lokuli.com (bookings will send customer name, email, and phone to that domain), and (3) that the agent will prompt you for or confirm customer details before creating a booking (the examples contain placeholders). Also note small issues in the doc (typo in header, example zipCode/time values) — you may want to validate behavior in a test environment first.

Review Dimensions

Purpose & Capability
ok: The name/description (book nails via Lokuli MCP) align with the instructions: search, check_availability, and create_booking RPC calls against an MCP endpoint. Example parameters (providerId/serviceId/time/customer contact) are appropriate for booking functionality.
Instruction Scope
ok: SKILL.md only defines JSON-RPC/SSE calls and example payloads to the Lokuli MCP endpoint; it does not instruct the agent to read local files, arbitrary env vars, or exfiltrate unrelated data. The instructions are narrowly scoped to searching and creating bookings.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, so nothing is written to disk or downloaded during install.
Credentials
note: No env vars or credentials are declared. That can be fine if the MCP endpoint is public or the platform supplies auth, but the SKILL.md does not document authentication or required tokens. Also, booking actions will transmit customer contact info (email, phone) to an external domain, which is expected for a booking skill but worth confirming.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent system-wide changes. It does not modify other skills or system configs.