Book Party
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for booking party services, but it can create real external bookings with contact details without documented confirmation safeguards.
Before installing or using this skill, confirm you trust Lokuli and make sure the agent asks for your final approval before any booking is created. Do not provide contact details unless you are ready to share them with the booking service.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create an unwanted party-service booking or send incorrect contact details if it calls the booking tool before the user has clearly approved the exact booking.
This exposes a mutating booking action that can create an external service booking with personal contact details. The artifacts do not document an explicit user-confirmation step, cancellation path, price review, or other guardrail before this action is called.
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234" }Require explicit user confirmation of the provider, service, date, time, price, cancellation terms, and contact details immediately before calling create_booking.
A user's name, email, phone number, and booking details may be transmitted to Lokuli's MCP service.
The skill uses a remote MCP endpoint and the booking example includes user contact data. This is expected for a booking service, but it is still an external data flow users should understand.
MCP Endpoint ... https://lokuli.com/mcp/sse ... "customerEmail": "john@example.com", "customerPhone": "+13105551234"
Only provide the minimum contact information needed for the booking and confirm the user agrees to share it with Lokuli before submitting.
Users have less context for deciding whether to trust the remote booking integration.
The skill is instruction-only, so there is no local code provenance issue, but the registry metadata does not provide a source or homepage for users to verify the publisher or integration.
Source: unknown; Homepage: none
Verify that the Lokuli endpoint and publisher are legitimate before relying on the skill for real bookings.