Trust Assessment
book-auto received a trust score of 97/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Skill collects and transmits Personally Identifiable Information (PII).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Skill collects and transmits Personally Identifiable Information (PII) The `create_booking` tool is designed to collect sensitive Personally Identifiable Information (PII), specifically `customerName`, `customerEmail`, and `customerPhone`. This data is then transmitted to an external endpoint (`https://lokuli.com/mcp/sse`) as part of the booking process. While necessary for the skill's intended function, this represents a privacy risk as the PII will be handled by a third-party service. Users should be made aware of the privacy policy and data handling practices of Lokuli, and the LLM should ensure explicit user consent before collecting and transmitting such data. Ensure robust data handling practices, clear user consent mechanisms, and transparent privacy policies for the third-party service. Implement data minimization principles where possible, and consider anonymization for non-essential data. The LLM should explicitly inform the user about the collection and transmission of PII to a third-party service. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/ae37e3d0bda239e7)
Powered by SkillShield