Trust Assessment
lokuli-booking received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is that the skill handles and transmits Personally Identifiable Information (PII).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill handles and transmits Personally Identifiable Information (PII).** The `create_booking` tool is explicitly designed to collect and transmit sensitive Personally Identifiable Information (PII), including `customerName`, `customerEmail`, and `customerPhone`, to the Lokuli MCP server for service booking. This data is then used to facilitate payment via a Stripe checkout link. While this functionality is central to the skill's purpose, it represents a critical data flow where user PII is processed and sent to an external service. The LLM must ensure explicit user consent and confirmation before invoking this tool with user PII to prevent unauthorized or unintended data transmission. **Recommendation:** Ensure the LLM strictly adheres to the skill's internal rules, specifically 'Never book without confirmation' and 'Collect required info — Name, email, phone before booking'. Implement robust user consent mechanisms and data handling policies for PII. Regularly audit the Lokuli MCP server's data privacy and security practices to ensure compliance and protection of user data. | LLM | SKILL.md:51 |