ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Dataset

v1.0.0

Exchange structured datasets with schema negotiation and metadata over Pilot Protocol. Use this skill when: 1. You need to share CSV, JSON, or Parquet datase...

0· 0·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, commands, and required binary (pilotctl) align: this skill is an instruction-only wrapper for Pilot Protocol dataset exchange. Declared dependency on pilotctl and the pilot-protocol skill is expected for this functionality.
Instruction Scope
SKILL.md instructs the agent to run pilotctl commands that publish availability, send messages, and send files — all consistent with dataset exchange. It also reads local files (head, wc) and references environment variables ($PEER, $DEST, $DATASET_FILE) that are not declared in requires.env; these are normal runtime parameters but worth noting because they imply the skill will read and transmit local dataset files when invoked.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation perspective (nothing will be written to disk by the skill itself).
Credentials
The skill does not request credentials or secrets. It requires a single binary (pilotctl). The SKILL.md mentions optional tools (jq, python3) but these are reasonable helper dependencies for format conversion and are not credentials; however their presence is not enforced in the declared metadata and should be checked at runtime.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide settings in its instructions.
Assessment
This skill appears to do what it claims (share structured datasets via the Pilot Protocol). Before installing: 1) verify the pilotctl binary you have is the official release for Pilot Protocol and that you trust it, 2) be aware that using the skill will read and transmit local files ($DATASET_FILE) to remote peers ($PEER / $DEST) — do not send sensitive data inadvertently, 3) ensure jq/python3 are available if you rely on format conversion, and 4) run the pilot daemon in a controlled environment and review pilotctl logs to confirm expected transfers. If you need to ensure no secrets are leaked, explicitly set and inspect the environment variables and test with non-sensitive sample datasets first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9749deeta32fpanhvq0nt6sa984h39f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments