Trust Assessment
book-mechanic received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill enables PII exfiltration to third-party service".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill enables PII exfiltration to third-party service. The `create_booking` tool is designed to collect sensitive Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone`. When this tool is invoked by the LLM, this data will be transmitted to the external endpoint `https://lokuli.com/mcp/sse`. This poses a data exfiltration risk as user PII is sent to a third-party service, which could be compromised or misuse the data without explicit user consent or proper security measures. Implement explicit user consent mechanisms before collecting and transmitting PII. Ensure the third-party service's data handling practices comply with relevant privacy regulations (e.g., GDPR, CCPA). Consider anonymizing or encrypting sensitive data if possible. Clearly inform users about data sharing with third parties and provide options to control their data. | LLM | SKILL.md:46 |