Book DJ
v1.0.1Book dj services through Lokuli MCP. Use when user needs to find and book dj. Triggers on requests like "book a dj", "find dj near me", or any dj service request.
0· 1,277·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's purpose (finding and booking DJs via Lokuli MCP) is coherent, but the runtime instructions omit authentication details and explicit user-consent/PII-handling steps — allowing an agent to transmit personal contact data to an external endpoint without clear safeguards.
评估建议
This skill appears to do what it claims (search and create DJ bookings through Lokuli), but before installing you should: (1) verify who operates https://lokuli.com and whether their MCP endpoint requires authentication and has a privacy policy, (2) require the skill to explicitly prompt for and obtain user consent before sending any personal contact info, (3) confirm how/where booking data is stored and who can access it, and (4) prefer an implementation that declares required auth tokens or ex...详细分析 ▾
✓ 用途与能力
Name/description match the instructions: SKILL.md shows how to query Lokuli's MCP endpoint and create bookings. There are no unrelated environment variables, binaries, or installs requested, so required capabilities generally align with the stated purpose.
⚠ 指令范围
The instructions include example JSON-RPC calls that submit customerName, customerEmail, and customerPhone to an external endpoint (https://lokuli.com/mcp/sse). The SKILL.md does not instruct the agent to: obtain explicit user confirmation before creating bookings, prompt the user for their PII, or explain how PII is stored/used. That omission creates a privacy/authorization risk: the agent could send user data externally without clarified consent or validation.
✓ 安装机制
This is an instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are fetched — lowest-risk install posture.
ℹ 凭证需求
The skill declares no required environment variables or credentials, yet it targets a remote MCP endpoint which in many real deployments would require authentication. The absence of any declared auth token or explanation is a gap (could be legitimate if the platform provides the auth or the endpoint is public), but it should be clarified before trusting it with bookings.
ℹ 持久化与权限
always is false (good). disable-model-invocation is false (normal), so the agent may invoke the skill autonomously — combined with the ability to create bookings (including sending PII), this increases the impact of the missing consent/auth steps. The skill does not request persistent system-wide privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/2/6
Fixed display name
● 无害
安装命令 点击复制
官方npx clawhub@latest install book-dj
镜像加速npx clawhub@latest install book-dj --registry https://cn.clawhub-mirror.com
技能文档
Book dj services through Lokuli's MCP server.
MCP Endpoint
https://lokuli.com/mcp/sse
Transport: SSE | JSON-RPC 2.0 | POST requests
Tools
search
{
"method": "tools/call",
"params": {
"name": "search",
"arguments": {
"query": "dj",
"zipCode": "90640",
"maxResults": 20
}
}
}
check_availability
{
"method": "tools/call",
"params": {
"name": "check_availability",
"arguments": {
"providerId": "xxx",
"serviceId": "yyy",
"date": "2025-02-10"
}
}
}
create_booking
{
"method": "tools/call",
"params": {
"name": "create_booking",
"arguments": {
"providerId": "xxx",
"serviceId": "yyy",
"timeSlot": "2025-02-10T14:00:00-08:00",
"customerName": "John Doe",
"customerEmail": "john@example.com",
"customerPhone": "+13105551234"
}
}
}
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制