Skill v1.0.1

ClawScan security

Book Physical Therapy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 11, 2026, 9:06 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with booking physical-therapy via Lokuli's MCP, but it omits authentication and privacy details (so expect user PII to be transmitted and verify the endpoint before use).
Guidance
This skill appears to do what it says (search and book via Lokuli), but before installing or using it you should: 1) Verify the endpoint (https://lokuli.com) is legitimate and that you trust that service. 2) Understand that bookings will include PII (name, email, phone) sent to that external endpoint — confirm how that data is authenticated, stored, and protected. 3) Ask the agent to request explicit user consent before sending personal data or test with dummy data first. 4) If you require stronger assurance, ask the publisher for authentication details (API key / OAuth) or for a privacy policy; the SKILL.md currently omits these. If you cannot verify those items, treat this as higher-risk and avoid sending real personal information.

Review Dimensions

Purpose & Capability
ok
Name/description match the instructions: SKILL.md shows JSON-RPC/SSE calls to a Lokuli MCP endpoint and example calls for searching, checking availability, and creating a booking — all coherent with booking physical-therapy.
Instruction Scope
note
Instructions stay within booking scope (search, check_availability, create_booking). They do not instruct reading unrelated files or system state. However, the doc provides example customer fields (name/email/phone) but does not specify how to collect user consent or whether to redact/store data; it also omits authentication steps for the MCP endpoint.
Install Mechanism
ok
No install spec and no code files — instruction-only skill (lowest install risk). Nothing is downloaded or written to disk.
Credentials
note
The skill declares no environment variables or credentials, which is plausible for an instruction-only wrapper that delegates calls to platform tools. That said, the create_booking examples will transmit personal data (name, email, phone) to https://lokuli.com; the SKILL.md does not document authentication requirements or justify the lack of credentials, so it's unclear how the service is authenticated and how PII/privacy are handled.
Persistence & Privilege
ok
always is false and the skill does not request elevated or persistent platform privileges or modify other skills/config. Default autonomous invocation is allowed (platform normal) but not combined with other concerning factors.