Skill v1.0.1

ClawScan security

Book Tune Up · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 9:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (booking tune-ups via Lokuli MCP) is plausible, but the runtime instructions leave unclear how requests are authenticated and would result in sending user contact data to an external endpoint without declared credentials or privacy guidance.
Guidance
This skill will send booking requests and customer contact details to an external domain (lokuli.com) but does not document how it authenticates or protects that data. Before installing, verify: (1) who operates lokuli.com and whether you trust them; (2) whether the platform will proxy/authenticate calls or whether you must provide API credentials (ask the skill author for the auth flow); (3) how user PII is handled and retained by the service; and (4) clarify the transport/auth mismatch (SSE vs POST). If you need to protect personal data or avoid sharing credentials, do not enable the skill until these questions are answered.

Review Dimensions

Purpose & Capability
note
The name/description match the instructions: the SKILL.md shows JSON-RPC calls for searching providers, checking availability, and creating bookings on Lokuli's MCP. That capability is coherent with 'book tune-up' functionality. However, the skill references an external MCP endpoint but declares no credentials or auth mechanism, which is unusual for a booking API and worth questioning.
Instruction Scope
concern
Instructions explicitly reference an external endpoint (https://lokuli.com/mcp/sse) and example JSON-RPC payloads containing personal data fields (customerName, customerEmail, customerPhone). The instructions do not explain how to authenticate, where the tools/call is executed (agent-side vs proxied), or whether user consent or data minimization should be applied. Also, the transport description mixes SSE (typically an event stream) with POST/JSON-RPC, which is atypical and may indicate sloppy or inaccurate instructions.
Install Mechanism
ok
Instruction-only skill with no install/spec files and no code to write to disk. Low installation risk.
Credentials
concern
The skill requests no environment variables or credentials but instructs the agent to call an external booking API and transmit personal contact data. Real booking APIs commonly require API keys, OAuth tokens, or other auth; the absence of declared credentials or a documented auth flow is a proportionality mismatch and increases uncertainty about where/how sensitive data is sent.
Persistence & Privilege
ok
always is false and autonomous invocation is allowed (platform default). The skill does not request persistent system-wide privileges or declare modifications to other skills' configs.