Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pilot Alert
v1.0.0
Configurable alerting on event patterns with webhook and message delivery. Use this skill when: 1. You need to trigger alerts based on event patterns or thre...
by Calin Teodor (@teoslayer)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name, description, and provided workflows all describe subscribing to events and delivering alerts via webhooks and pilotctl; required binaries pilotctl, jq, and curl are sensible for this purpose and the skill correctly requires the pilot-protocol skill and a running daemon.
Instruction Scope
The SKILL.md stays inside alerting scope but contains practical omissions and risky patterns: examples reference WEBHOOK_URL (a secret) but the skill does not declare or document required env vars; scripts write to /tmp/alert-cache.txt (local state) without guidance on permissions; some event fields are interpolated directly into JSON sent to pilotctl (e.g., --data "{\"message\":\"$message\"}") which can break JSON or enable injection if event text contains quotes/newlines; the instructions also assume additional utilities (md5sum, bc, grep, mv, date) without declaring them.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk because nothing is fetched or written by an installer.
Credentials
The skill requests no credentials in metadata (reasonable), but examples require a webhook URL/secret (WEBHOOK_URL) and the README mentions 'trust with source agents' — users must supply webhook secrets and grant pilotctl messaging permissions out-of-band. The lack of declared env vars for these secrets is an omission that could lead to misconfiguration or accidental exposure if users paste secrets into scripts.
Persistence & Privilege
always:false (normal). The skill needs the ability to send messages via pilotctl to other agents (oncall-agent), which is coherent for alerting but effectively grants the skill a messaging capability across agents — ensure pilotctl permissions and the 'trust' relationships are limited to intended recipients.
What to consider before installing
This skill appears to do what it claims, but there are practical gaps and a minor safety issue. Before installing:
1) Confirm pilotctl daemon and pilot-protocol trust boundaries — restrict which agents this skill can message.
2) Provide webhook secrets (e.g., WEBHOOK_URL) via a secure method (env vars/secret store) instead of hard-coding; the SKILL.md should list this as a required env var.
3) Ensure required system utilities exist (md5sum, bc, grep, mv, date) or adapt the scripts for your platform (macOS uses md5).
4) Fix unsafe JSON construction: build payloads with jq's --arg or jq programmatic constructors to avoid injection/malformed JSON when event text contains quotes/newlines.
5) If you will run these scripts on shared hosts, tighten file permissions for /tmp/alert-cache.txt or place the cache in a secure directory.
If you cannot verify or harden these items, treat the skill as untrusted.
latest: vk97em53wr73cshv9h7yx9zta7584ep66
Runtime requirements
Bins: pilotctl, jq, curl
