Skill v1.0.0

ClawScan security

Pilot Auction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 8, 2026, 10:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its auction purpose; it's an instruction-only wrapper around the pilotctl CLI and a running pilot daemon, with no unexpected credential requests or install steps.
Guidance
This skill is an instruction-only wrapper around the pilotctl CLI and a running pilot daemon — it appears coherent for running auctions. Before installing:
1) Ensure you have a trusted pilotctl binary and a legitimate pilot-protocol deployment (the skill will call your local daemon and may use stored keys/config).
2) Install jq (used by the examples) if you plan to run the scripts; the registry metadata omitted jq.
3) Avoid publishing sensitive task payloads to the auction or network unless you understand how pilot-protocol handles confidentiality.
4) If you don't want autonomous agent invocation, note that the platform default allows skills to be invoked by agents; this skill is user-invocable and does not require extra credentials, but any automated run will still be able to call your local pilotctl.
5) If you need higher assurance, inspect your pilotctl configuration and run the example scripts in a sandboxed environment first.

Review Dimensions

Purpose & Capability
ok: The name/description (task auction/marketplace) align with the actual instructions: publishing auctions, collecting bids, selecting a winner, and submitting tasks via the pilotctl CLI and pilot-protocol. The required binary (pilotctl) is appropriate for the described functionality.
Instruction Scope
note: SKILL.md limits actions to pilotctl calls, local file writes (/tmp/*) and jq processing; it does not request unrelated system access. Small inconsistency: the document and examples use jq, but the registry metadata only declared pilotctl under required binaries. The instructions will transmit task payloads and addresses over the pilot network (expected for an auction skill); users should consider whether their task data is sensitive before publishing.
Install Mechanism
ok: Instruction-only skill with no install spec; nothing is downloaded or written by the skill itself. This is the lowest-risk install model.
Credentials
note: The skill declares no required env vars or credentials, which is consistent. However, it interacts with the local pilot daemon/CLI (pilotctl), which may access stored keys/configurations outside the skill. That access is expected for this use case, but it implies the skill can cause outgoing network activity and share task payloads with other agents.
Persistence & Privilege
ok: always:false, and no install hooks or changes to other skills' configuration. The skill does not request permanent presence or elevated platform privileges.