Trust Assessment
book-alignment received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill designed to handle and transmit PII to external endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill designed to handle and transmit PII to external endpoint The `create_booking` tool is designed to collect and transmit Personally Identifiable Information (PII) such as `customerName`, `customerEmail`, and `customerPhone` to an external endpoint (`https://lokuli.com/mcp/sse`). While this may be the intended functionality for booking services, it represents a significant data exfiltration risk if the external service is compromised, malicious, or does not adhere to appropriate data handling and privacy standards. The LLM should be extremely cautious when invoking this tool with user-provided PII. Implement strict data handling policies for PII. Ensure the external endpoint `https://lokuli.com/mcp/sse` is thoroughly vetted for security, privacy compliance (e.g., GDPR, CCPA), and trustworthiness. Consider anonymizing or encrypting PII before transmission if possible. The LLM should be explicitly instructed on when and how to request and transmit PII, ensuring user consent and transparency. | LLM | SKILL.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/0cba8afc5195588e)
Powered by SkillShield