Trust Assessment
book-towing received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill designed to transmit Personally Identifiable Information (PII).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill designed to transmit Personally Identifiable Information (PII) The `create_booking` tool, defined within the skill, explicitly requires and is designed to transmit Personally Identifiable Information (PII) such as `customerName`, `customerEmail`, and `customerPhone`. This data is intended to be sent to the external endpoint `https://lokuli.com/mcp/sse`. While this is the skill's intended function, it highlights a significant data handling responsibility and potential risk if the LLM is compromised or misdirected, leading to unauthorized collection or transmission of user PII. Implement robust data governance policies for the `lokuli.com` endpoint to ensure secure handling and storage of PII. For the AI agent, establish strict guardrails and user consent mechanisms to control the collection and transmission of PII. Ensure users are fully aware and consent to their data being shared when this skill is invoked. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/43ecc706e4ddccb7)
Powered by SkillShield