Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pilot Event Bus
v1.0.0
Multi-agent event aggregation on shared topics for coordinated workflows. Use this skill when: 1. You need to aggregate events from multiple agents on a shar...
by Calin Teodor @teoslayer
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested binaries and instructions. Requiring pilotctl and a running pilot daemon is appropriate for a Pilot Protocol event-bus skill; no unrelated credentials, config paths, or binaries are requested.
Instruction Scope
Instructions are narrowly scoped to running pilotctl publish/subscribe/trust/handshake commands and using /tmp/events.json for output. The SKILL.md example uses jq but jq is not declared as a required binary — minor inconsistency. Also the doc says the daemon must be running but does not include an explicit 'start daemon' step; otherwise the instructions stay within the described purpose. The instructions will broadcast whatever payloads you provide to other agents, so sensitive data could be exposed by intended behavior.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. This is low risk: nothing is written to disk by the skill itself beyond the agent running the commands it instructs.
Credentials
No environment variables or secrets are requested. The skill relies on established mutual trust between agents (handled via pilotctl handshake) rather than embedding credentials, which is proportionate to the stated purpose.
Persistence & Privilege
No 'always: true' or elevated persistent privileges are requested. The skill does not modify other skills' configurations or request system-wide settings.
Assessment
This skill is coherent for a multi-agent pub/sub workflow, but before installing:
1) ensure the pilotctl binary on your system is the official/trusted distribution (it will be used to broadcast and subscribe on the network);
2) be aware that publishing events will send whatever payload you provide to other trusted agents—do not publish secrets or sensitive data;
3) install jq if you plan to use the example workflows or adapt examples to your environment;
4) verify the pilot daemon is running and test in an isolated environment first to confirm trust relationships and network behavior;
5) note the skill is licensed AGPL-3.0—check compatibility with your project’s licensing requirements.
Like a lobster shell, security has layers — review code before you run it.
latest vk977f77nkep3a5z6jc9v3c9vzd84gfxb
Runtime requirements
Bins: pilotctl
