Trust Assessment
book-catering received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill facilitates PII transmission to external service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill facilitates PII transmission to external service The 'create_booking' tool is designed to collect and transmit Personally Identifiable Information (PII) including 'customerName', 'customerEmail', and 'customerPhone' to an external endpoint (https://lokuli.com/mcp/sse). While this is the intended function of a booking skill, it represents a direct data exfiltration vector for sensitive user data. The LLM agent using this skill will be prompted to collect this information from the user and send it to a third-party service. Ensure that the LLM agent explicitly obtains user consent before collecting and transmitting PII. Review the data handling and privacy policies of the external service (lokuli.com) to ensure compliance with relevant data protection regulations. Consider if all PII is strictly necessary for the initial booking or if some details could be collected directly by the service after an initial booking confirmation. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/f25d395c57940e87)
Powered by SkillShield