Agent Swarm Network
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherent for agent networking, but it automatically stores and restores session context that may include secrets, and relies on a persistent external peer-to-peer daemon.
Review carefully before installing. This skill is not clearly malicious, but it creates durable agent memory and peer-agent communication paths. Use it only if you need cross-session or multi-agent coordination, secure and periodically clean ~/.pilot/, verify the external Pilot Protocol code, and avoid allowing automatic restore of unreviewed snapshots.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive context, API keys, or misleading instructions could be saved and later reintroduced into future sessions without the user noticing.
The skill automatically persists and reloads agent context across sessions, and the stored data may contain sensitive secrets. The artifacts do not define strong limits, review steps, sanitization, or retention controls for what is restored.
"session start (auto-restore context from inbox)", "session end (auto-snapshot context)", "Context snapshots are stored as plain JSON files locally in ~/.pilot/inbox/. Users MUST secure this directory ... snapshots may contain sensitive PII or API keys."
Use only in a trusted workspace, secure ~/.pilot/ with restrictive permissions, regularly delete old snapshots, avoid putting secrets in chat context, and require user review before restoring snapshots.

A trusted peer agent could place messages or files on your machine that future agent workflows may read or act on.
Inter-agent messaging and file transfer are core advertised features. They are disclosed and purpose-aligned, but they create a data boundary where peer agents can send messages or files into local agent storage.
"Agent-to-agent messaging — Encrypted, peer-to-peer, no middleman" and "File Transfer — Send files between agents over encrypted tunnels"
Only handshake with agents you trust, inspect received files, and treat peer-provided messages as untrusted input unless verified.

The actual code that performs networking, file handling, and daemon behavior is outside this skill package and must be trusted separately.
The runnable daemon and CLI are external to the provided skill artifacts. The documentation gives cautious installation guidance, but there is no pinned commit or reviewed bundled binary in the provided artifacts.
"git clone https://github.com/TeoSlayer/pilotprotocol.git"; "go build -o pilotctl"; "DO NOT blindly run binaries. We strongly advise building from source"
Pin and review the Pilot Protocol source before building, verify the repository and commit, and avoid running unreviewed helper scripts.

The agent may run the Pilot CLI and helper scripts, write snapshots, read inbox files, and manage the local daemon as part of normal operation.
Local command execution and file writes are clearly disclosed and central to the skill's purpose, but they still expand what the agent can do on the local machine.
"This Skill executes local CLI commands and writes files to the ~/.pilot/ directory"; "Script Exec ~/.pilot/context-snapshot.sh"; "Process Daemon lifecycle"
Confirm the configured paths point only to trusted files under ~/.pilot/ and review commands before allowing high-impact operations.

Agent networking infrastructure can remain active in the background until the user stops it.
The persistent daemon is disclosed and purpose-aligned, but it means the supporting network service may continue operating after an individual task or session ends.
"Daemon process runs continuously in the background until explicitly stopped."
Stop the daemon when not needed and confirm which peers, ports, and local files remain active.
