ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Task Retry

v1.0.0

Automatic retry with exponential backoff and fallback targets. Use this skill when: 1. You need resilient task submission with automatic retry logic 2. You w...

0· 96·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the actions in SKILL.md: it uses pilotctl to submit tasks with retries, backoff, jitter, and fallback agents. Requesting pilotctl (and a running pilot daemon) is appropriate. Minor inconsistency: the registry 'requires.bins' lists only pilotctl, but the SKILL.md explicitly depends on jq and Bash 4+, which are not declared.
!
Instruction Scope
The instructions run pilotctl commands and parse JSON with jq (expected for this purpose). However, the scripts assume environment variables (AGENT, PRIMARY, SECONDARY, TERTIARY, TASK_DESC and others) that are not declared in the skill metadata. The SKILL.md also instructs use of pilotctl peers to enumerate remote agents — this is within scope but will cause network/system activity via the local daemon. The omission of required env var declarations is a scope/clarity problem and could lead to unexpected behavior.
Install Mechanism
Instruction-only skill with no install spec or archives to download — lowest disk/write risk. Nothing is written or fetched by an installer from an arbitrary URL.
Credentials
The skill does not request secrets or credentials in metadata (no required env vars / primary credential). That is proportionate for a retry helper. Caveats: pilotctl and the local pilot daemon may use stored credentials/config behind the scenes (not declared), and the scripts expect jq and Bash 4+ which are not listed as required environment binaries. Also the skill expects certain environment variables to be set by the caller; this should be declared so users know what will be used.
Persistence & Privilege
always is false and the skill is user-invocable. There is no install step, no configuration writes, and the SKILL.md does not instruct modifying other skills or global agent settings.
What to consider before installing
This skill appears to do what it claims (submit tasks with retry/backoff via pilotctl), but before installing: 1) confirm you have jq and Bash 4+ available — the SKILL.md uses them but they are not declared in the skill metadata; 2) check how pilotctl and the local pilot daemon are configured (they may use stored credentials or network access you need to trust); 3) ensure you (or the caller) will set the environment variables the scripts expect (AGENT, PRIMARY, SECONDARY, TERTIARY, TASK_DESC, etc.), since they are not declared; 4) remember tasks must be idempotent before retrying to avoid duplicate side effects; and 5) note the skill is licensed AGPL-3.0 which has implications if you redistribute modified code. If these points are acceptable or clarified by the author, the skill is usable; if not, request the author to declare missing dependencies and environment variables and to document any implicit pilotctl authentication used by the daemon.

Like a lobster shell, security has layers — review code before you run it.

latestvk9740x5b5g3zh7rp16tpknhn4984g4tx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments