Skill v1.0.1
ClawScan security
Book Salon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 11, 2026, 9:06 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (sending user contact/location and booking details to an external Lokuli MCP endpoint) matches its stated purpose, but the upstream service and data-handling are undocumented and the runtime instructions will transmit personal data without explaining authentication or privacy. This mismatch warrants caution.
- Guidance: This skill appears to perform salon search and booking via Lokuli's MCP endpoint, which can legitimately require sending names, emails, phones, and location. Before installing or using it, verify the upstream service and privacy practices: who runs lokuli.com, is there an owner or homepage, how are requests authenticated, and how is booking/customer data stored and retained? Avoid sending real personal data until you confirm those details; test with placeholder/fake data. If you need stricter guarantees, require an explicit authentication step or written privacy policy, or prefer a skill published by a known vendor. If you decide to proceed, ask the publisher to document the auth flow and data retention, and to minimize the data sent in create_booking calls.
Review Dimensions
- Purpose & Capability: ok. The name and description claim booking salon services via Lokuli MCP; the SKILL.md explicitly targets Lokuli's MCP endpoint and provides RPC examples (search, check_availability, create_booking). The requested capabilities align with the stated purpose.
- Instruction Scope: concern. The instructions direct the agent to call an external endpoint (https://lokuli.com/mcp/sse) and to POST JSON-RPC payloads that include personal customer data (name, email, phone, location/zip). There are no instructions about authentication, consent, or data minimization. Opening an SSE connection to a third party and transmitting PII without documented safeguards is a privacy/exfiltration risk.
- Install Mechanism: ok. This is an instruction-only skill with no install spec and no code files, so it does not write additional binaries or archives to disk. That minimizes install-time risk.
- Credentials: concern. The skill requests no environment variables or credentials (which reduces risk), but it will transmit user-identifying information (contact, phone, email, location) to an external host. The SKILL.md does not declare any required credentials or explain how requests are authenticated or authorized. This lack of proportionality and transparency about who receives and stores user data is concerning.
- Persistence & Privilege: ok. The manifest's always field is false, and there are no installation changes or requests to modify other agent configs. The skill does not request persistent system privileges in its manifest.
