ClawHub
Back to skill
v1.0.1

Book Tree Service

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:24 AM.

Analysis

The skill is coherent for booking tree service, but it can send personal contact details to an external MCP service and create a real booking without explicit confirmation guidance.

GuidanceReview before installing. If you use it, make sure your agent asks for explicit confirmation before creating a booking and only share contact details you are comfortable sending to Lokuli and the service provider.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
"name": "create_booking", "arguments": { "providerId": "xxx", "serviceId": "yyy", "timeSlot": "2025-02-10T14:00:00-08:00", "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234" }

This shows the skill can submit a booking with customer details. The artifact does not include instructions to require explicit user confirmation of provider, service, time, and contact details before calling it.

User impactAn agent using this skill could finalize an appointment or service request with real-world consequences if the user has not clearly confirmed the details.
RecommendationRequire a clear final confirmation before create_booking, including provider, service, date/time, contact details, and any cancellation or cost terms available.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage, which makes the external booking integration harder for users to verify.

User impactUsers have less independent information for confirming who operates the skill or how the Lokuli MCP integration is maintained.
RecommendationPrefer installing only if you trust the publisher and can verify the external service before sharing personal details or creating bookings.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
https://lokuli.com/mcp/sse ... "customerName": "John Doe", "customerEmail": "john@example.com", "customerPhone": "+13105551234"

The skill discloses an external MCP endpoint and a booking payload containing personal contact information. This is purpose-aligned, but the artifact does not describe data retention, downstream sharing, or privacy boundaries.

User impactYour name, email, and phone number may be sent to Lokuli and possibly a service provider to complete the booking.
RecommendationOnly provide the minimum needed contact information after deciding to book, and review Lokuli/provider privacy terms if available.