Trust Assessment
book-color received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Skill handles sensitive PII via external service" and "Reliance on unverified external service introduces supply chain risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill handles sensitive PII via external service.** The `create_booking` tool is designed to collect and transmit sensitive Personally Identifiable Information (PII), specifically `customerName`, `customerEmail`, and `customerPhone`, to an external endpoint (`https://lokuli.com/mcp/sse`). While necessary for the skill's stated function, this introduces a significant risk of data exposure if the external service, its underlying infrastructure, or the communication channel is compromised. This data transfer to a third-party system requires robust security measures and privacy considerations. Implement robust data handling policies, ensure secure transmission (e.g., HTTPS with strong TLS), and conduct thorough security assessments of the `lokuli.com` service. Consider data minimization, anonymization, and strict access controls. Clearly inform users about PII collection, storage, and usage practices. | LLM | SKILL.md:40 |
| MEDIUM | **Reliance on unverified external service introduces supply chain risk.** The skill's core functionality is entirely dependent on an external endpoint, `https://lokuli.com/mcp/sse`. This introduces a supply chain risk, as the security, availability, and integrity of the skill are directly tied to this third-party service. A compromise or outage of `lokuli.com` could lead to service disruption, data manipulation, or data exfiltration without direct control from the skill's maintainers. Conduct thorough due diligence on all third-party services. Implement continuous monitoring for the external service's availability and security posture. Consider implementing fallback mechanisms or clear error handling for service disruptions. Ensure all data sent to the service is encrypted in transit and at rest, and verify the service's data retention and privacy policies. | LLM | SKILL.md:10 |