Skillv1.0.0

ClawScan security

Pilot Agent Marketplace Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 22, 2026, 7:27 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: its description, required binaries, and runtime instructions align and it does not request unrelated credentials or unusual installs, but you should review the individual skills that clawhub will install and the handshake/trust behavior before deploying.
Guidance: This skill appears coherent for deploying a 4-node Pilot marketplace. Before running it: (1) confirm you trust the clawhub and pilotctl binaries and understand what clawhub install will fetch (inspect sources or run a dry-run if available), (2) run the setup on dedicated hosts or isolated test environments first, (3) review any transitive skills (especially escrow, webhook-bridge, audit-log) for credentials or external endpoints they require, and (4) verify the automatic handshake/trust behavior and network port (1002) exposure against your security policy.

Review Dimensions

Purpose & Capability: okName/description (deploy a 4-agent marketplace) match the instructions. The declared required binaries (pilotctl, clawhub) are the exact tools used in the SKILL.md commands, and the listed skills to install correspond to the described roles.
Instruction Scope: noteInstructions stay within the stated scope: install listed pilot-* skills via clawhub, set hostnames with pilotctl, write a manifest to ~/.pilot/setups/agent-marketplace.json, and perform pairwise handshakes. Caveats: the guide writes to the user's home (~/.pilot), performs networked handshakes (auto-approved trust behavior is mentioned), and relies on a running daemon — verify that automated handshake/trust semantics and network ports are acceptable in your environment.
Install Mechanism: okThis is an instruction-only skill (no install spec), so nothing is written by the skill itself. It instructs running clawhub install, which is expected for this purpose. Note: clawhub will fetch/enable many transitive skills; review those separately for their install sources and risks.
Credentials: okNo environment variables or credentials are requested by this skill. The lack of secrets is proportionate to an orchestration/setup guide. However, some of the transitive skills being installed (pilot-escrow, pilot-webhook-bridge, etc.) may later require credentials — review them individually.
Persistence & Privilege: okalways is false and disable-model-invocation is default; the skill does write a manifest under ~/.pilot and sets hostnames via pilotctl (expected for setup). It does not request elevated platform privileges or attempt to modify other skills' configs beyond installing them via clawhub.