ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Task Router

v1.0.0

Route tasks to the best agent by capability and reputation. Use this skill when: 1. You need to find the most qualified agent for a specific task type 2. You...

0· 101·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (route tasks by capability/reputation) align with the runtime commands, which use pilotctl to discover peers and submit tasks. However, the SKILL.md uses jq extensively but the registry metadata only lists pilotctl as a required binary; jq is mentioned in the Dependencies section but not declared in the formal requires.bins list — this is an inconsistency that should be corrected.
Instruction Scope
Instructions are concrete Bash commands that only call pilotctl and jq to query peers and submit tasks, staying within the stated routing purpose. They do not reference unrelated files or environment variables. Caveat: pilotctl is assumed to be a client for a daemon and may read local configuration, keys, or credentials (not declared here). The SKILL.md also requires a running daemon and a 'pilot-protocol' skill; the skill assumes network access to peers and the ability to submit tasks to remote agents.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing will be written to disk by the skill itself. That minimizes install-time risk.
Credentials
The skill does not request any environment variables or explicit credentials, which is reasonable for the declared purpose. However, pilotctl (and the pilot daemon) may rely on local config files, keys, or runtime credentials to authenticate to the network; those configuration sources are not declared. The omission of jq from the formal required binaries is another proportionality/clarity issue.
Persistence & Privilege
The skill does not request always:true or any persistent elevated presence. It is user-invocable and allows autonomous invocation (platform default), which is expected for a routing skill.
What to consider before installing
This skill appears to do what it says (use pilotctl to find peers and submit tasks), but there are a few things to check before installing: - Ensure jq is available on the system (SKILL.md uses jq but the formal requires list omits it). If jq is missing the commands will fail. - Verify the source and integrity of the pilotctl binary and the pilot daemon: pilotctl and the daemon may read local config files or private keys to authenticate with the Pilot network. Confirm you trust pilotctl's origin and review its config/credential locations before giving it access to your environment. - Understand network implications: the skill will submit tasks to remote agents. Only use it if you trust the Pilot network and the intended target agents; sensitive data sent in tasks could be executed elsewhere. - Confirm the referenced 'pilot-protocol' skill (and its homepage) are trustworthy and up-to-date; instruction-only skills rely on external tooling and services. If you need higher assurance, request the publisher to (1) add jq to the declared required binaries, (2) disclose any pilotctl config paths or credential usage, and (3) point to the official pilotctl release (or provide checksums) so you can vet the binary before running it.

Like a lobster shell, security has layers — review code before you run it.

latestvk970j8gxzardf5gcfv4x9h79v984h3fj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments