Skill v1.0.1

ClawScan security

Book Roofing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:06 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements largely match its stated purpose (booking roofing via Lokuli's MCP), but it omits authentication details and includes hard-coded example data you should verify before use.
Guidance
This skill appears to do what it says (call Lokuli's MCP to find and book roofing), but before installing or using it:

1) Confirm who operates https://lokuli.com and whether that endpoint is legitimate and expected for your environment.
2) Ask the skill author how authentication/authorization to the MCP is handled (API keys, OAuth, platform-provided tokens). The SKILL.md does not declare any required credentials; the lack of auth details is a gap.
3) The examples include hard-coded zip codes, dates, and example customer PII; ensure the agent prompts users for their actual location and contact info and obtains explicit consent before transmitting personal data.
4) Because this skill makes external network calls, test it in a controlled environment and monitor network/agent logs for unexpected requests.
5) If you need stronger assurance, request from the publisher a README explaining auth requirements, a privacy policy for handling customer data, or a signed verification that Lokuli is the intended service. If those clarifications are not available, treat the skill as incomplete and proceed cautiously.

Review Dimensions

Purpose & Capability
ok
The name/description (book roofing through Lokuli MCP) match the SKILL.md: it declares an MCP endpoint and JSON-RPC examples for searching, checking availability, and creating bookings. There are no unexpected binaries, env vars, or install steps.
Instruction Scope
note
Instructions are narrowly scoped to calling the Lokuli MCP endpoint via tools/call with specific methods (search, check_availability, create_booking). They do not instruct reading local files or unrelated system state. However, the doc includes hard-coded example parameters (zipCode: 90640, dates in 2025, example customer data) and does not explain how authentication/authorization to the Lokuli endpoint is obtained; this gap should be clarified.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files: lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
note
The skill requires no environment variables or credentials, which is consistent with the metadata. That said, the MCP endpoint likely requires authentication in real use; the absence of declared credentials means either the platform provides auth implicitly or the SKILL.md is incomplete. The examples also include personal data fields (name/email/phone); ensure those are provided intentionally and with consent.
Persistence & Privilege
ok
The skill does not request persistent presence (always: false) and does not modify system-wide configuration. It is user-invocable and allows autonomous model invocation by default (normal for skills).
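Guidance items 3 and 4 and the Instruction Scope note above ask the operator to confirm that the agent only reaches the declared Lokuli endpoint with the three declared tools, prompts for the user's real location and contact data instead of replaying the SKILL.md example values, and sends PII only with consent. The following Python check runs those three tests over a JSON-lines agent log. It is an added example, not part of the ClawHub scan output and not code from the skill, ClawHub, or Lokuli; the log record layout, the /mcp endpoint path, the host allowlist of lokuli.com, the zipCode argument key, the name/email/phone key names, and the sample records are assumptions or constructed data. The request shape follows MCP's JSON-RPC 2.0 tools/call convention (params.name, params.arguments).

```python
"""Pre-use egress check for the Book Roofing skill: validate each outbound MCP
tools/call request against what the SKILL.md declares and flag replayed
placeholder data and unconsented PII.  Added example, not ClawHub's, the
skill's, or Lokuli's code."""
import json
import re
from urllib.parse import urlparse

# Assumed from the scan page: the declared host, the three tool names listed
# under Instruction Scope, and the example zip code it calls out.  The PII key
# names and date field layout in SKILL.md are not quoted on the page, so this
# scans every argument value rather than fixed keys.
ALLOWED_HOSTS = {"lokuli.com"}
ALLOWED_TOOLS = {"search", "check_availability", "create_booking"}
PLACEHOLDER_ZIPS = {"90640"}
PII_KEYS = {"name", "email", "phone"}
STALE_DATE = re.compile(r"\b2025-\d{2}-\d{2}\b")  # dates copied from the 2025 examples


def _walk(obj, path=""):
    """Yield (dotted_path, leaf_value) for every scalar in a nested JSON value."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def check_request(endpoint: str, request: dict, consent: bool) -> list[str]:
    """Return findings for one outbound call; an empty list means it looks as declared."""
    findings = []
    url = urlparse(endpoint)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        findings.append(f"endpoint is not https: {endpoint}")
    if host not in ALLOWED_HOSTS and not any(host.endswith("." + h) for h in ALLOWED_HOSTS):
        findings.append(f"endpoint host {host!r} is not the declared Lokuli host")
    if request.get("jsonrpc") != "2.0" or request.get("method") != "tools/call":
        findings.append("request is not a JSON-RPC 2.0 tools/call")
    params = request.get("params") or {}
    tool = params.get("name")
    if tool not in ALLOWED_TOOLS:
        findings.append(f"tool {tool!r} is outside the declared set {sorted(ALLOWED_TOOLS)}")
    for path, value in _walk(params.get("arguments") or {}):
        leaf = path.rsplit(".", 1)[-1]
        text = str(value)
        if leaf == "zipCode" and text in PLACEHOLDER_ZIPS:
            findings.append(f"{path}={text} is the SKILL.md example zip; prompt the user instead")
        if STALE_DATE.search(text):
            findings.append(f"{path}={text!r} is a 2025 date copied from the examples")
        if leaf in PII_KEYS and not consent:
            findings.append(f"{path} carries PII but no consent was recorded")
    return findings


def audit_log(lines) -> dict[int, list[str]]:
    """Run check_request over JSON-lines agent log records; result keyed by line number."""
    report = {}
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        findings = check_request(rec["endpoint"], rec["request"], rec.get("consent", False))
        if findings:
            report[n] = findings
    return report


# Constructed sample log (not captured from any real agent run).
SAMPLE_LOG = [
    json.dumps({"endpoint": "https://lokuli.com/mcp", "consent": False,
                "request": {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                            "params": {"name": "search", "arguments": {"zipCode": "90640"}}}}),
    json.dumps({"endpoint": "https://lokuli.com/mcp", "consent": True,
                "request": {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                            "params": {"name": "check_availability",
                                       "arguments": {"zipCode": "10001", "date": "2026-03-02"}}}}),
    json.dumps({"endpoint": "https://lokuli.com/mcp", "consent": False,
                "request": {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
                            "params": {"name": "create_booking",
                                       "arguments": {"zipCode": "10001", "date": "2025-06-14",
                                                     "customer": {"name": "A. User",
                                                                  "email": "a@example.com"}}}}}),
    json.dumps({"endpoint": "http://lokuli.example.net/mcp", "consent": True,
                "request": {"jsonrpc": "2.0", "id": 4, "method": "tools/call",
                            "params": {"name": "run_shell", "arguments": {"cmd": "id"}}}}),
]

if __name__ == "__main__":
    for n, findings in audit_log(SAMPLE_LOG).items():
        for f in findings:
            print(f"line {n}: {f}")
```

Line 2 of the constructed log is the clean case and produces no finding; line 1 replays the example zip, line 3 carries a 2025 date and two PII fields without consent, and line 4 is a plaintext call to a look-alike host with an undeclared tool. The host check accepts subdomains of lokuli.com but rejects hosts that merely contain the name, which is the distinction guidance item 1 is asking you to make.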