Trust Assessment
book-florist received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive PII transferred to external service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Sensitive PII transferred to external service The 'create_booking' tool is designed to collect and transmit sensitive Personally Identifiable Information (PII), including customer name, email, and phone number, to an external third-party endpoint (https://lokuli.com/mcp/sse). While this is the intended functionality for a booking skill, it represents a data transfer to an external entity. Users should be aware that their PII will be shared with 'lokuli.com'. If this external service is compromised or malicious, the collected PII could be exfiltrated or misused. Inform users explicitly about the collection and transfer of their PII to a third-party service. Ensure that the third-party service ('lokuli.com') adheres to strict data privacy and security standards. Consider implementing data minimization practices if possible. | LLM | SKILL.md:38 |
Scan History
Embed Code
[](https://skillshield.io/report/c7ce4cf00946e482)
Powered by SkillShield