Skill v1.0.1

ClawScan security

Book Plumber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:06 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions are broadly consistent with a plumber-booking flow, but provenance is unknown, it references an external MCP endpoint with no declared credentials, and the SKILL.md includes hard-coded example personal data and zip codes that could lead to accidental data leakage or misuse.
Guidance
This skill looks like a straightforward instruction-only integration that will make network calls to lokuli.com to search and create bookings, but its source and homepage are unknown. Before installing or using it:
1) Verify what lokuli.com is and whether you trust it to receive your personal contact and address data.
2) Confirm whether the service requires authentication and how credentials are supplied; the SKILL.md does not declare any API keys.
3) Ensure the agent will always prompt you to confirm or supply your real address/phone/email instead of using the hard-coded examples in the doc.
4) If you need privacy or auditability, test the skill in a sandbox account or require explicit user confirmation before any booking is created.
If you cannot verify the endpoint or provenance, treat this skill as higher-risk and avoid sending real PII through it.

Review Dimensions

Purpose & Capability
ok · Name and description (book a plumber via Lokuli MCP) match the SKILL.md, which shows search, check_availability, and create_booking JSON-RPC calls to an MCP endpoint. There is no obvious extra functionality beyond booking.
Instruction Scope
note · Instructions confine actions to JSON-RPC calls against https://lokuli.com/mcp/sse and platform tool calls (search, check_availability, create_booking). However, the doc contains a hard-coded sample zip code (90640) and example PII (John Doe, john@example.com, +13105551234) without telling the agent to prompt the user or confirm the data, so the agent could use or transmit incorrect or test personal data. The SKILL.md also has minor typos but no instructions to read local files or environment variables.
Install Mechanism
ok · No install spec and no code files (instruction-only). This minimizes on-disk persistence and arbitrary code execution risk.
Credentials
concern · The skill declares no required environment variables or credentials but directs RPC calls to an external domain (lokuli.com). Real booking APIs typically require authentication, and the absence of declared credentials is unexplained. The skill will send customer contact details to an external service (privacy risk) but does not document consent, data handling, or whether an API key is needed.
Persistence & Privilege
ok · The always flag is false and there is no installation or self-modifying behavior. The skill does not request elevated or persistent platform privileges.
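The checks in the Guidance (items 3 and 4) and the placeholder values flagged under Instruction Scope can be enforced mechanically before a request leaves the agent. The following Python is an added example written for this page; it is not ClawHub's scanner code and not part of the Book Plumber skill. It assumes the skill issues MCP-style JSON-RPC 2.0 tools/call requests with name/arguments params (the page names the tools, not the wire format), and both sample requests are constructed, not captured traffic.

```python
"""Outbound-call guard for an instruction-only booking skill.

Added example, not ClawHub or Book Plumber code. It refuses to send a
tool call that (a) targets anything but the declared endpoint, (b) still
carries the placeholder PII from SKILL.md, or (c) would create a booking
without explicit user confirmation.
"""

import re
from urllib.parse import urlparse

# Endpoint named in the review; the only host the skill is supposed to reach.
ALLOWED_HOST = "lokuli.com"
ALLOWED_PATH = "/mcp/sse"

# Tool names the review lists. The request layout (JSON-RPC "tools/call"
# with "name"/"arguments") is an assumption; the page does not show it.
KNOWN_TOOLS = {"search", "check_availability", "create_booking"}
TOOLS_NEEDING_CONFIRMATION = {"create_booking"}

# Example values the review found hard-coded in SKILL.md. If they appear in a
# real request, the agent copied the doc instead of asking the user.
PLACEHOLDERS = {"John Doe", "john@example.com", "+13105551234", "90640"}


def _norm(value: str) -> str:
    """Lower-case and drop whitespace/punctuation so '+1 (310) 555-1234'
    matches '+13105551234' and 'JOHN DOE' matches 'John Doe'."""
    return re.sub(r"[\s\-().]", "", value.lower())


_NORM_PLACEHOLDERS = {_norm(p) for p in PLACEHOLDERS}


def _string_leaves(obj):
    """Yield every string inside a nested dict/list (the tool arguments)."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _string_leaves(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _string_leaves(v)


def check_tool_call(endpoint: str, request: dict, user_confirmed: bool = False) -> list:
    """Return the reasons the request must not be sent; [] means it may go."""
    problems = []

    # Compare scheme, host and path exactly; a substring match on "lokuli.com"
    # would accept look-alike hosts and a downgrade to plain http.
    u = urlparse(endpoint)
    if u.scheme != "https" or u.hostname != ALLOWED_HOST or u.path != ALLOWED_PATH:
        problems.append(f"endpoint not allowed: {endpoint}")

    if request.get("jsonrpc") != "2.0" or request.get("method") != "tools/call":
        problems.append("not a JSON-RPC 2.0 tools/call request")
        return problems  # nothing further worth inspecting

    params = request.get("params") or {}
    tool = params.get("name")
    if tool not in KNOWN_TOOLS:
        problems.append(f"tool not declared by the skill: {tool!r}")

    for leaf in _string_leaves(params.get("arguments")):
        if _norm(leaf) in _NORM_PLACEHOLDERS:
            problems.append(f"placeholder value from SKILL.md in request: {leaf!r}")

    if tool in TOOLS_NEEDING_CONFIRMATION and not user_confirmed:
        problems.append(f"{tool} requires explicit user confirmation")

    return problems


# Constructed sample requests (not captured traffic). The first is what an
# agent that copied the SKILL.md example verbatim would send.
COPIED_FROM_DOC = {
    "jsonrpc": "2.0", "id": 1, "method": "tools/call",
    "params": {"name": "create_booking", "arguments": {
        "customer": {"name": "John Doe", "email": "john@example.com",
                     "phone": "+1 (310) 555-1234"},
        "zip": "90640", "slot": "2026-02-12T09:00"}},
}

FROM_USER = {
    "jsonrpc": "2.0", "id": 2, "method": "tools/call",
    "params": {"name": "create_booking", "arguments": {
        "customer": {"name": "Jane Roe", "email": "jane.roe@example.net",
                     "phone": "+12025550147"},
        "zip": "02139", "slot": "2026-02-12T09:00"}},
}

if __name__ == "__main__":
    endpoint = "https://lokuli.com/mcp/sse"
    for label, req, confirmed in (("copied-from-doc", COPIED_FROM_DOC, False),
                                  ("from-user", FROM_USER, True)):
        print(label, check_tool_call(endpoint, req, user_confirmed=confirmed))
```

Run it as a script to see both verdicts: the copied-from-doc request is refused for four placeholder values and the missing confirmation, the user-supplied one passes once confirmation is set. Anything the function returns non-empty for should be shown to the user rather than sent; the placeholder check is deliberately loose about case, spaces and punctuation so a reformatted example phone number is still caught.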