Skill Pilot

Security checks across malware telemetry and agentic risk

Overview

Skill Pilot matches its stated routing purpose, but it can run other skills while passing through environment tokens, so it needs careful review before use.

This does not look malicious from the provided artifacts, but it is a powerful routing skill. Before installing, make sure you trust the other skills it may run, remove unrelated secrets from the environment, avoid full mode for sensitive queries, and review its config/history files if routing behavior changes.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Any child skill selected by Skill Pilot may receive environment secrets such as API keys, proxy settings, or OpenClaw tokens. If an invoked skill is untrusted or over-privileged, those credentials could be abused.

Why it was flagged

The skill can invoke child skill processes and explicitly documents copying the whole environment, not only an allowlist of provider keys.

Skill content
`OPENCLAW_TOKEN` | Custom authentication token ... `env = os.environ.copy()  # inherit environment variables`
Recommendation

Run it with a minimal environment, remove unrelated secrets before use, and prefer an allowlist of environment variables per child tool. The skill should prompt or document exactly which credentials each routed tool will receive.

ASI02: Tool Misuse and Exploitation
Low
What this means

In full/comparison mode, one request can be sent to multiple tools and the result can change which tool is used automatically in later tasks.

Why it was flagged

The engine can call multiple installed tools and change the default tool after comparison. This is central to the scheduler purpose, but it expands the effect of a single user request.

Skill content
for tool_name in tools: ... result_dict = self.call_skill(tool_name, request) ... self.mode_manager.set_default_tool(request.category, best_tool)
Recommendation

Use full mode only when you are comfortable with all tools in the pool seeing the request, and review `config/mode_config.json` if routing choices change unexpectedly.

ASI06: Memory and Context Poisoning
Low
What this means

Past runs can influence future tool selection, and local history may reveal usage patterns even if the artifacts do not show secret exfiltration.

Why it was flagged

The skill stores execution history and performance data for later learning and routing decisions.

Skill content
`history/` - execution history records ... saves scheduling decision history ... records tool performance data
Recommendation

Periodically review or delete the skill's history/config files if you do not want prior activity to influence future routing.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less external context for auditing a skill that can orchestrate other installed skills.

Why it was flagged

The package does not provide a public source or homepage for provenance review.

Skill content
Source: unknown; Homepage: none
Recommendation

Install only if you trust the publisher/package contents, and prefer a version with a verifiable source repository.