Trust Assessment
book-bartender received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Transmission of Personally Identifiable Information (PII) to External Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Transmission of Personally Identifiable Information (PII) to External Service The skill's `create_booking` tool is designed to collect and transmit sensitive Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone` to the external Lokuli MCP endpoint (`https://lokuli.com/mcp/sse`). Additionally, the `search` tool collects `zipCode`, which can be considered PII or sensitive location data. While this is the intended functionality for booking services, it represents a data privacy concern as user PII is sent to a third-party service. Users should be explicitly informed about this data handling practice. Ensure explicit user consent is obtained before transmitting PII. Clearly communicate the data handling practices, including which data is collected, why it's collected, and to whom it's transmitted. Implement robust data protection measures for PII in transit and at rest. Consider anonymization or pseudonymization where possible, or minimize the collection of sensitive data. | LLM | SKILL.md:38 |
Scan History
Embed Code
[](https://skillshield.io/report/063808fbe3f90bf8)
Powered by SkillShield