ClawHub
Back to skill
v1.0.1

Book Pressure Washing

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

This skill is coherent for booking pressure-washing, but it can create a real service booking and send customer contact details to an external MCP endpoint without stated confirmation safeguards.

GuidanceUse this skill only if you are comfortable sharing contact details with Lokuli and service providers. Before allowing any booking, instruct the agent to show the selected provider, time, service details, contact information, price or fees if available, and cancellation terms, then wait for your explicit approval.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234" }

The skill exposes a booking-creation action using customer contact details; the supplied instructions do not include an explicit user-confirmation step before invoking it.

User impactThe agent could place an unwanted service booking or share contact details with a provider if the user’s intent was only to search or compare options.
RecommendationRequire explicit user approval before create_booking, including the selected provider, service, time slot, contact details, expected cost, and cancellation policy.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
https://lokuli.com/mcp/sse ... "zipCode": "90640" ... "customerEmail": "john@example.com", "customerPhone": "+13105551234"

The skill sends location/search information and customer contact details to an external Lokuli MCP endpoint, which is expected for booking but sensitive enough for users to notice.

User impactA third-party service endpoint may receive the user’s location area and contact information during search or booking.
RecommendationShare only the minimum needed information and confirm that the user is comfortable sending their contact details to Lokuli and the selected service provider.