ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Api Gateway

v1.0.0

Expose local APIs to the Pilot Protocol network. Use this skill when: 1. You need to expose local APIs to remote Pilot agents 2. You want to provide API acce...

0· 0·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: SKILL.md only runs pilotctl gateway/listen/map/send/recv commands to expose local APIs to remote Pilot agents. Requiring pilotctl and the pilot-protocol skill is appropriate for this purpose.
Instruction Scope
Instructions remain within the stated purpose (start daemon, listen, receive requests, send responses). However: the examples use jq to parse JSON but jq is not declared as a required binary; the SKILL.md directs starting the daemon with --public and mapping hostnames without offering guidance about authentication, ACLs, or limiting exposure — this is a security-relevant omission (not an incoherence) that users must consider.
Install Mechanism
Instruction-only skill with no install spec or downloads. No files are written to disk by the skill itself; this is the lowest-risk install model.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements align with the stated function and do not request unrelated secrets or broad access.
Persistence & Privilege
always is false and disable-model-invocation is default; the skill does not request permanent/always-on inclusion or elevated platform privileges. It does instruct starting a network-exposing daemon, which is an operational action but not a platform privilege escalation.
Assessment
This skill appears to do what it says: call pilotctl to expose local APIs to the Pilot network. Before installing, ensure you: 1) trust the pilotctl binary and the pilot-protocol network (verify source and integrity), 2) have the pilotctl binary on PATH (and install jq if you plan to run the example scripts), 3) understand you may expose local services to remote agents when using --public or mapping hostnames — confirm access controls, authentication, and network boundaries to avoid accidental data leakage, and 4) run this only on hosts that can safely serve traffic (do not enable on machines with sensitive local-only services). If you need stronger guarantees, request more detail from the skill author about authentication, logging, and rate-limiting, or ask for the explicit declaration of all required tooling (e.g., jq).

Like a lobster shell, security has layers — review code before you run it.

latestvk974m1h6aw01gttn1bgaqhdebn84f2df

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments