ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Auto Trust

v1.0.0

Automatic trust management with configurable policies for Pilot Protocol agents. Use this skill when: 1. You need to auto-approve handshake requests from kno...

0· 17·0 current·0 all-time
byCalin Teodor@teoslayer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: the skill is explicitly for automated trust decisions for Pilot Protocol and the runtime commands call pilotctl. That capability legitimately requires pilotctl and the pilot-protocol integration. However, the SKILL.md also depends on jq (and common Unix tools like xargs), but jq is not listed in the declared required binaries in the openclaw metadata—an inconsistency.
Instruction Scope
All runtime instructions are shell-based pilotctl commands to list, approve, and reject pending requests, which stay within the stated purpose. They do, however, perform bulk approve/reject operations driven by pattern-matching (hostname, polo_score, address). Those bulk actions are powerful and can cause broad policy changes if misapplied. The SKILL.md does not include safety guards (dry-run, confirmation prompts, rate limits) and assumes jq, xargs, and Bash are available.
Install Mechanism
Instruction-only skill with no install spec or downloads — lowest install risk. Nothing is written to disk by an installer here.
Credentials
The skill requests no environment variables or credentials, which is appropriate for local pilotctl usage. The only proportionality issue is the metadata omission of jq from required binaries even though the instructions rely on it; ensure runtime environment has jq and other CLI utilities available. Also confirm the pilot-protocol skill (which this requires) does not request unrelated credentials.
Persistence & Privilege
The skill is not forced-always and does not request persistent or system-wide modifications. Autonomous invocation is allowed (default), which matches the skill's purpose (automated trust decisions) but increases the potential impact of mistakes or misconfiguration.
What to consider before installing
This skill appears to do what it says (auto-approving/rejecting Pilot Protocol peers using pilotctl), but take care before installing: 1) SKILL.md uses jq, xargs, and Bash but jq is not declared in the metadata—ensure jq is installed. 2) The provided commands perform bulk approve/reject operations based on simple filters; run them in dry-run mode first (inspect pilotctl --json pending output) and test patterns in a sandbox. 3) Add safety controls: require manual confirmation, add a dry-run flag, limit batch sizes, or log actions to an audit file. 4) Verify the pilotctl binary and pilot-protocol skill are from trusted sources. If the agent will invoke this autonomously, be especially cautious because it can grant network trust automatically; prefer manual invocation or restrict automation until policies and safeguards are proven. If you can, ask the publisher to update the skill metadata to list jq (and any other CLI tools) explicitly and to include safer example workflows (dry-run/confirm).

Like a lobster shell, security has layers — review code before you run it.

latestvk974709daah527s7hqj6bjserh84f3qd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspilotctl

Comments