Trust Assessment
book-videographer received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential PII exfiltration via external service call.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential PII exfiltration via external service call The `create_booking` tool, defined within the untrusted skill content, is designed to collect and transmit sensitive Personally Identifiable Information (PII) such as `customerName`, `customerEmail`, and `customerPhone`. This data is intended to be sent to an external endpoint (`https://lokuli.com/mcp/sse`). As this skill definition is untrusted, there is a credible risk that this PII could be exfiltrated to a malicious or unvetted third-party service if the skill is executed. Review the necessity of collecting and transmitting sensitive PII to external services. Ensure the `lokuli.com` endpoint and its associated service have appropriate data handling, privacy, and security controls in place. Implement data minimization principles, collecting only essential PII. Consider anonymizing or encrypting PII before transmission if full details are not strictly required by the external service. | LLM | SKILL.md:32 |
Scan History
Embed Code
[](https://skillshield.io/report/d2da3aaae5c5ef70)
Powered by SkillShield