Book Roofing
v1.0.1
Book roofing services through Lokuli MCP. Use when user needs to find and book roofing. Triggers on requests like "book a roofing", "find roofing near me", or any roofing service request.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (book roofing through Lokuli MCP) match the SKILL.md: it declares an MCP endpoint and JSON-RPC examples for searching, checking availability, and creating bookings. There are no unexpected binaries, env vars, or install steps.
Instruction Scope
Instructions are narrowly scoped to calling the Lokuli MCP endpoint via tools/call with specific methods (search, check_availability, create_booking). They do not instruct reading local files or unrelated system state. However, the doc includes hard-coded example parameters (zipCode: 90640, dates in 2025, example customer data) and does not explain how authentication/authorization to the Lokuli endpoint is obtained — a gap that should be clarified.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requires no environment variables or credentials, which is consistent with the metadata. That said, the MCP endpoint likely requires authentication in real use; the absence of declared credentials means either the platform provides auth implicitly or the SKILL.md is incomplete. Also the examples include personal data fields (name/email/phone) — ensure those are provided intentionally and with consent.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not modify system-wide configuration. It is user-invocable and allows autonomous model invocation by default (normal for skills).
Assessment
This skill appears to do what it says (call Lokuli's MCP to find and book roofing), but before installing or using it:
1) Confirm who operates https://lokuli.com and whether that endpoint is legitimate and expected for your environment.
2) Ask the skill author how authentication/authorization to the MCP is handled (API keys, OAuth, platform-provided tokens). The SKILL.md does not declare any required credentials — lack of auth details is a gap.
3) The examples include hard-coded zip codes, dates, and example customer PII; ensure the agent prompts users for their actual location and contact info and obtains explicit consent before transmitting personal data.
4) Because this skill makes external network calls, consider testing in a controlled environment and monitoring network/agent logs for unexpected requests.
5) If you need stronger assurance, request from the publisher a README explaining auth requirements, a privacy policy for handling customer data, or a signed verification that Lokuli is the intended service.
If those clarifications are not available, treat the skill as incomplete and proceed cautiously.
Like a lobster shell, security has layers — review code before you run it.
latest
Book roofing
Book roofing services through Lokuli's MCP server.
MCP Endpoint
https://lokuli.com/mcp/sse
Transport: SSE | JSON-RPC 2.0 | POST requests
Tools
search
{
  "method": "tools/call",
  "params": {
    "name": "search",
    "arguments": {
      "query": "roofing",
      "zipCode": "90640",
      "maxResults": 20
    }
  }
}
check_availability
{
  "method": "tools/call",
  "params": {
    "name": "check_availability",
    "arguments": {
      "providerId": "xxx",
      "serviceId": "yyy",
      "date": "2025-02-10"
    }
  }
}
create_booking
{
  "method": "tools/call",
  "params": {
    "name": "create_booking",
    "arguments": {
      "providerId": "xxx",
      "serviceId": "yyy",
      "timeSlot": "2025-02-10T14:00:00-08:00",
      "customerName": "John Doe",
      "customerEmail": "john@example.com",
      "customerPhone": "+13105551234"
    }
  }
}
