Airport Pickups London
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent airport-transfer booking skill, but users should notice that it can book, amend, cancel, and track transfers through a remote API using an API key.
This skill appears purpose-aligned for booking Airport Pickups London transfers. Before installing, understand that it requires configuring a remote MCP server with an API key and that approved actions may create, amend, cancel, or track real bookings while sending passenger and trip details to the provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could affect real-world travel arrangements if the user approves or requests those actions.
The skill exposes tools that can create, change, or cancel real travel bookings. This is expected for the stated purpose, and the artifact also instructs the agent not to book without user confirmation.
`book_transfer` — Create Booking ... `amend_booking` — Modify Booking ... `cancel_booking` — Cancel Booking
Confirm the route, time, passenger details, price, and cancellation/amendment intent before allowing the agent to submit booking changes.
Anyone or any agent with the API key may be able to use the associated booking API access.
The skill requires a service API key that authorizes the agent to use the booking API. This is disclosed and purpose-aligned, but users should treat the key as sensitive.
**This skill requires an API key** via the `x-api-key` header. ... The API key authenticates the agent, not the end user.
Use a dedicated API key for this integration, avoid sharing it, and revoke or rotate it if the skill is no longer needed.
Passenger contact details, itinerary locations, and flight information will be shared with the service provider.
The remote MCP/API flow sends personal and trip details to the provider. The data transfer is disclosed and necessary for booking, but it is sensitive information.
This skill sends the following data to the APL booking API: - Pickup and dropoff locations - Passenger name, phone, email - Flight numbers
Only provide passenger and trip details you are comfortable sending to Airport Pickups London, and review the provider's privacy practices if needed.