ClawHub

Pilot Verify

v1.0.0

Verify agent identity and reputation before interacting with Pilot Protocol nodes. Use this skill when: 1. You need to verify an agent's identity before trus...

0· 112·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (agent identity, reputation, reachability checks) maps directly to the runtime commands (pilotctl find/info/peers/ping). However the SKILL.md also relies on jq and timeout for parsing and timeouts even though the registry metadata only declared pilotctl as a required binary; jq/timeout should have been declared as additional required tools.
Instruction Scope
Instructions are narrowly scoped to querying the Pilot daemon (pilotctl commands), checking reputations (polo_score), and testing reachability. They do not instruct reading unrelated files, exfiltrating data, or contacting external endpoints beyond the Pilot Protocol tooling. The workflow does assume a running local daemon and use of jq/timeout.
Install Mechanism
No install spec is provided (instruction-only skill), so nothing is written to disk or fetched by the skill itself. This lowers install-time risk. The user must ensure required binaries are present from trusted sources.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to a local verification tool that talks to a local daemon via pilotctl.
Persistence & Privilege
always:false and default model invocation settings are used. The skill does not request persistent or elevated agent-wide privileges and does not modify other skills or system configuration.
Assessment
This skill appears to do what it says: use pilotctl to look up agent identity, reputation (polo_score), and ping for reachability. Before installing/using it: 1) Confirm the pilotctl binary on PATH is the legitimate, up-to-date client from Pilot Protocol (verify checksum or vendor package) because the skill executes that binary locally. 2) Ensure jq and timeout are available on the system (SKILL.md uses them but they are not declared in metadata). 3) Be aware the skill assumes a running local pilot daemon — running a daemon exposes local agent state. 4) The skill source is listed as unknown in the registry metadata; if you need stronger assurance, verify the publisher (owner ID) and the project homepage (https://pilotprotocol.network) before trusting it. 5) If you run this in a high-sensitivity environment, consider executing the commands in a sandbox or reviewing pilotctl's behavior/logging to ensure no unexpected network or data exposure occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jjhw4xbgmnn3nmh7stwkan84g7pc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments