Skillv1.0.1

ClawScan security

Book Personal Trainer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:06 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions broadly match its stated purpose (book personal trainers), but there are gaps and oddities — notably hard-coded example inputs and no declared authentication for an external MCP endpoint — that make its design unclear.
Guidance: This skill looks like it does what it says (search/check/create bookings), but there are unclear and potentially risky gaps. Before installing, ask: (1) How is authentication to https://lokuli.com/mcp/sse handled? Should the skill declare an API key or rely on platform tools? (2) Will the agent prompt users for their location/contact info and preferred times, or will it use the hard-coded zipCode and example customer data in SKILL.md? (3) Who operates the Lokuli endpoint (no homepage/source given)? If you proceed, insist the skill be updated to remove hard-coded defaults, explicitly request only the credentials it needs (and document how they're stored/used), and confirm the platform's tool-layer provides any required auth rather than the skill embedding secrets.

Review Dimensions

Purpose & Capability: noteThe name/description (book personal trainers via Lokuli MCP) aligns with the SKILL.md which shows search, availability check, and booking RPCs. However the skill references an external MCP endpoint (https://lokuli.com/mcp/sse) but declares no credentials or environment variables. It's unclear whether the platform provides built-in auth for that endpoint or whether the skill should have required API keys; that omission reduces clarity/proportionality.
Instruction Scope: concernThe instructions are narrowly scoped to search/check/create booking RPC calls (no unrelated actions). But the payload examples include hard-coded values (zipCode: "90640", fixed dates, and example customer contact details). The skill does not instruct the agent to prompt the user for their actual zip code, date/time preferences, or contact info; if used as-is the skill could default to incorrect data or inadvertently submit placeholders. Using fixed location and PII-like example values is a functional and privacy concern.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no external packages are fetched. That minimizes install-time risk.
Credentials: concernThe skill requests no environment variables or credentials but expects to call an external MCP endpoint. Booking services typically require authentication (API key, token, or platform-scoped tool permissions). The absence of any declared credential or primaryEnv is surprising and could indicate incomplete metadata or an assumption that platform-level tools provide the auth — the mismatch is concerning because it affects whether the skill can actually operate as described and whether auth would be handled securely.
Persistence & Privilege: okalways is false and there are no install-time or persistence actions described. The skill does not request persistent privileges or modify other skills' configs.