📦 Book Piano Lessons — 预约钢琴课
v1.0.1通过 Lokuli MCP 一键搜索并预约本地或线上钢琴课程,自动匹配时间、地点与教师,无需跳出对话界面即可完成支付与确认。
1· 1.4k·0 当前·0 累计
by 下载技能包
最后更新
2026/2/28
安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated purpose (booking piano lessons via Lokuli MCP) roughly matches its instructions, but there are several small inconsistencies and missing/ambiguous details (authentication, transport semantics, hard-coded example data, unknown source) that merit caution before installing.
评估建议
This skill appears to implement booking via Lokuli's MCP server and avoids installing code, but there are unanswered questions you should resolve before installing or using it: confirm the legitimacy of the lokuli.com endpoint and the skill author (no homepage/source provided); ask whether the MCP API requires authentication and, if so, how credentials are supplied/stored; check how the agent will gather and confirm user personal data (name/email/phone) and ensure explicit consent before sending...详细分析 ▾
ℹ 用途与能力
The name/description (book piano lessons through Lokuli MCP) lines up with the SKILL.md which supplies RPC payload examples for search, check_availability, and create_booking. However the skill provides no provenance (source/homepage unknown) and does not document authentication or required credentials for calling Lokuli's MCP endpoint — that gap is notable because booking APIs commonly require credentials.
⚠ 指令范围
Instructions are limited to JSON-RPC examples and an MCP endpoint, which is good from a minimal-scope perspective. Concerns: (1) transport description mixes SSE and POST/JSON-RPC in a confusing way (SSE is typically a GET/event stream, JSON-RPC often POST), (2) examples contain hard-coded zipCode (90640), dates (2025-02-10) and sample customer data — the skill does not instruct how to collect or sanitize real user data or consent, and (3) no guidance about authentication, logging, or where user PII (name/email/phone) will be sent/stored.
✓ 安装机制
Instruction-only skill with no install spec or code files — lowest risk for filesystem persistence or arbitrary code execution. Nothing is pulled from external URLs at install time.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. Given its purpose this is plausible if the Lokuli endpoint is public, but the absence of any auth requirement is unusual for a booking API and should be confirmed before use.
✓ 持久化与权限
always:false and default invocation settings — no elevated persistence requested and the skill does not claim to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/2/6
Fixed display name
● 无害
安装命令
点击复制官方npx clawhub@latest install book-piano-lessons
镜像加速npx clawhub@latest install book-piano-lessons --registry https://cn.longxiaskill.com