ClawHub

Pilot Announce Capabilities

v1.0.0

Broadcast structured capability manifests to the network. Use this skill when: 1. Advertising services, resources, or APIs your agent provides 2. Publishing...

0· 20·1 current·1 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description ask to broadcast capability manifests; runtime instructions only call pilotctl (the Pilot Protocol CLI) and reference the Pilot Protocol daemon/registry. Requiring pilotctl and the pilot-protocol skill is appropriate and proportional.
Instruction Scope
SKILL.md's commands focus on publishing/listening for capability manifests. Example workflow uses shell commands (pilotctl, cat, date, jq). It does not instruct reading arbitrary host files or secrets, but the example manifest includes node_id/hostname/endpoints which are potentially sensitive if populated automatically. Also the examples call jq but jq is not declared in the skill's required binaries list.
Install Mechanism
Instruction-only skill with no install spec or external downloads. Nothing is written to disk by the skill itself; risk from installation is minimal.
Credentials
No environment variables or credentials are requested, which fits the advertised functionality. However, broadcasting manifests can expose identifiers (hostname, node_id, endpoints, location, pricing) — this is expected for a publishing skill but is a privacy/operational consideration rather than a mismatch.
Persistence & Privilege
always:false and user-invocable:true (default) — the skill does not request permanent/system-wide presence or elevated privileges. Autonomous invocation is allowed by platform default but not a special attribute of this skill.
Assessment
This skill appears to do what it says: it uses pilotctl to publish capability manifests to the Pilot Protocol network. Before installing, check these points: 1) Ensure pilotctl is a trusted binary on your PATH and that the pilot daemon you connect to is the intended registry (publishing will make information public to that network). 2) The SKILL.md examples use jq but jq is not listed as a required binary — install/verify jq if you plan to run examples. 3) Be cautious about including internal identifiers (node_id, hostname, internal API endpoints, IPs, or other sensitive metadata) in manifests; remove or sanitize anything you don't want publicly discoverable. 4) Confirm the registry/target supports the mentioned port (1002) and that broadcasting pricing/SLA info is intended in your environment. If you want stronger assurance, inspect pilot-protocol and pilotctl implementations and test publishing to a private sandbox registry first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974feg2nnpx59jq94ecjtyjrn84f6t1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments