Trust Assessment
book-music-lessons received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill designed to exfiltrate PII to external service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill designed to exfiltrate PII to external service The `create_booking` tool explicitly defines parameters for collecting and transmitting Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone`. This data is intended to be sent to the external endpoint `https://lokuli.com/mcp/sse`. While this is the skill's intended function, it represents a direct transfer of sensitive user data to a third-party, which poses a privacy risk and requires explicit user consent and clear data handling policies. Ensure explicit user consent is obtained before collecting and transmitting PII. Clearly inform users about what data is collected, why it's collected, and to whom it's transmitted. Implement robust data privacy policies and ensure compliance with relevant regulations (e.g., GDPR, CCPA). Consider anonymizing or minimizing data where possible. | LLM | SKILL.md:45 |
Scan History
Embed Code
[](https://skillshield.io/report/dc597f31e5610aee)
Powered by SkillShield