Trust Assessment
book-extensions received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill facilitates transmission of sensitive PII to external service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill facilitates transmission of sensitive PII to external service The `create_booking` tool defined in this skill requires the collection of sensitive Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone`. This data is intended to be transmitted to an external third-party endpoint (`https://lokuli.com/mcp/sse`) for booking services. While this is the intended functionality of a booking skill, it represents a data exfiltration risk if the external service is compromised, malicious, or misuses the data. The skill itself does not define mechanisms for user consent or data handling policies for this external transfer, relying on the host LLM to manage these aspects. Implement robust user consent mechanisms before collecting and transmitting PII. Ensure the external service's data privacy and security policies are thoroughly reviewed and compliant with relevant regulations. Consider data minimization techniques, only collecting essential information. The host LLM should be explicitly instructed on handling sensitive user data and obtaining explicit consent before any transmission. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/dd467182e1cc47f8)
Powered by SkillShield