Trust Assessment
book-tree-service received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill designed to transmit PII to external service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill designed to transmit PII to external service The `create_booking` tool, as defined in the skill, is designed to accept and transmit Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone`. This data is implicitly sent to the external `MCP Endpoint` at `https://lokuli.com/mcp/sse`. While this is the intended functionality for a booking service, it represents a data exfiltration risk as the security posture, data handling practices, and privacy policies of the `lokuli.com` service are unknown and outside the control of the LLM host. This exposes user PII to a third-party service. Review the necessity of collecting and transmitting sensitive PII. Ensure that the external service (`lokuli.com`) has robust data protection, privacy policies, and security measures in place. Consider anonymizing or minimizing data where possible. Inform users clearly about data handling practices and the third-party service involved. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/32e30bbda22ef018)
Powered by SkillShield