ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Database Bridge

v1.0.0

Query remote databases through Pilot Protocol tunnels. Use this skill when: 1. You need to access databases behind NATs or firewalls 2. You want to query rem...

0· 9·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested binary (pilotctl) and the actions described (start daemon, start gateway, map addresses) are exactly what a tunnel/bridge skill would need.
Instruction Scope
SKILL.md only runs pilotctl and standard DB clients (psql, mysql, mongosh, redis-cli). It does not request secrets or read unrelated files. Note: the skill assumes you will provide DB client credentials when connecting; the skill itself does not manage or store those credentials.
Install Mechanism
Instruction-only skill with no install spec or code files — nothing is downloaded or written by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The required dependency (pilotctl) is directly relevant to the declared functionality.
Persistence & Privilege
always:false and no install actions. The skill does not ask for persistent presence or to modify other skills or system-wide settings.
Assessment
This skill appears coherent, but before installing: 1) Ensure pilotctl is obtained from the official Pilot Protocol source (https://pilotprotocol.network) and verify the binary's integrity; 2) understand that any database credentials you enter into standard clients will traverse the created tunnel — only use this with trusted endpoints and within your security policy; 3) confirm the pilot-protocol skill (dependency) is trustworthy and its daemon configuration is correct; and 4) be aware of the AGPL-3.0 license implications for any modifications or redistribution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3dj37vcn2vp5qsxrnqrpad84g049

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments