Book Piano Lessons
v1.0.1Book piano-lessons services through Lokuli MCP. Use when user needs to find and book piano-lessons. Triggers on requests like "book a piano-lessons", "find piano-lessons near me", or any piano-lessons service request.
⭐ 1· 1.4k·0 current·0 all-time
byLokuli@edwardrodriguez703-design
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (book piano lessons through Lokuli MCP) lines up with the SKILL.md which supplies RPC payload examples for search, check_availability, and create_booking. However the skill provides no provenance (source/homepage unknown) and does not document authentication or required credentials for calling Lokuli's MCP endpoint — that gap is notable because booking APIs commonly require credentials.
Instruction Scope
Instructions are limited to JSON-RPC examples and an MCP endpoint, which is good from a minimal-scope perspective. Concerns: (1) transport description mixes SSE and POST/JSON-RPC in a confusing way (SSE is typically a GET/event stream, JSON-RPC often POST), (2) examples contain hard-coded zipCode (90640), dates (2025-02-10) and sample customer data — the skill does not instruct how to collect or sanitize real user data or consent, and (3) no guidance about authentication, logging, or where user PII (name/email/phone) will be sent/stored.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest risk for filesystem persistence or arbitrary code execution. Nothing is pulled from external URLs at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. Given its purpose this is plausible if the Lokuli endpoint is public, but the absence of any auth requirement is unusual for a booking API and should be confirmed before use.
Persistence & Privilege
always:false and default invocation settings — no elevated persistence requested and the skill does not claim to modify other skills or system-wide settings.
What to consider before installing
This skill appears to implement booking via Lokuli's MCP server and avoids installing code, but there are unanswered questions you should resolve before installing or using it: confirm the legitimacy of the lokuli.com endpoint and the skill author (no homepage/source provided); ask whether the MCP API requires authentication and, if so, how credentials are supplied/stored; check how the agent will gather and confirm user personal data (name/email/phone) and ensure explicit consent before sending it; clarify the transport semantics (SSE vs POST/JSON-RPC) to avoid accidental leaks or malformed requests; and test any booking calls in a safe sandbox account so real appointments or payments are not accidentally created. If you cannot get clear answers about authentication and data handling, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latest
uook piano lessons
Book piano-lessons services through Lokuli's MCP server.
MCP Endpoint
https://lokuli.com/mcp/sse
Transport: SSE | JSON-RPC 2.0 | POST requests
Tools
search
{
"method": "tools/call",
"params": {
"name": "search",
"arguments": {
"query": "piano-lessons",
"zipCode": "90640",
"maxResults": 20
}
}
}
check_availability
{
"method": "tools/call",
"params": {
"name": "check_availability",
"arguments": {
"providerId": "xxx",
"serviceId": "yyy",
"date": "2025-02-10"
}
}
}
create_booking
{
"method": "tools/call",
"params": {
"name": "create_booking",
"arguments": {
"providerId": "xxx",
"serviceId": "yyy",
"timeSlot": "2025-02-10T14:00:00-08:00",
"customerName": "John Doe",
"customerEmail": "john@example.com",
"customerPhone": "+13105551234"
}
}
}
Comments
Loading comments...