Skill v1.0.1

ClawScan security

Book Photographer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:06 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent with a third‑party booking integration (Lokuli MCP); it does not ask for unrelated system access or credentials, but it will transmit user contact/booking data to an external service (lokuli.com).
Guidance
This skill appears to do what it says: call Lokuli's MCP endpoints to find and book photographers. Before installing, consider: (1) it will send personal booking details (name, email, phone, date/time, location) to an external domain (lokuli.com) — confirm you are comfortable sharing that PII and review Lokuli's privacy/security if possible; (2) there is no declared authentication in the SKILL.md — check how your platform will provide any needed API keys or whether bookings will be unauthenticated; (3) the skill has no source/homepage and an opaque owner ID — prefer skills from verified or documented publishers when possible; (4) test with non-sensitive/dummy data first and review the agent's tool/network permissions for outbound calls.

Review Dimensions

Purpose & Capability
ok
Name/description (book a photographer) align with the runtime instructions: the SKILL.md defines search, check_availability, and create_booking JSON-RPC calls against Lokuli's MCP endpoint. Nothing requested (no env vars, no binaries, no config paths) appears unrelated to booking photographers.
Instruction Scope
note
Instructions are narrowly scoped to performing searches and creating bookings via the specified MCP endpoint. They include placeholders for customer name/email/phone and booking times — meaning PII will be sent to the external endpoint. There are no instructions to read local files, system env, or unrelated resources.
Install Mechanism
ok
This is an instruction‑only skill with no install spec or code files, so nothing is written to disk. Lowest install risk.
Credentials
ok
The skill declares no environment variables or credentials, which is proportionate to the simple instruction set. One caveat: the SKILL.md does not describe authentication for Lokuli; either the hosting platform provides the necessary auth tokens/tools or the integration is unauthenticated. The lack of declared credentials is not contradictory but is worth confirming.
Persistence & Privilege
ok
always is false and the skill does not request elevated or persistent privileges. It does not modify other skills or system settings.