Pilot Certificate
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill claims to issue and verify cryptographically signed capability certificates, but its instructions appear to create unsigned admin-capability JSON files and only check expiration.
Review carefully before installing or using. Do not treat the generated files as secure signed certificates unless you add real signing and signature verification, and only issue certificates with explicitly chosen minimal capabilities, recipients, and expiration times.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could trust a certificate as cryptographically verified when it is only an unsigned JSON file with a valid-looking expiration time.
The skill advertises Ed25519-signed certificates, but the verification example only checks whether the expiration timestamp has passed; no signing or signature verification command is shown.
Capability certificate system for Pilot Protocol using Ed25519 signatures. ... [ $(date +%s) -le $EXPIRES_TS ] && echo "VERIFIED" || echo "EXPIRED"
Do not rely on these certificates for authorization unless the skill is updated to actually sign certificates and verify Ed25519 signatures using a clearly defined trusted key.
If used as written in a real Pilot Protocol environment, it could delegate excessive authority to an agent or recipient.
The default issuance flow grants broad admin-level capabilities and sends the certificate artifact, but it does not require the user to choose minimal capabilities or confirm the recipient and authority being delegated.
"capabilities": ["read", "write", "admin"], ... pilotctl --json send-file "$RECIPIENT" ~/.pilot/certificates/issued/cert-$CERT_ID.json
Require explicit user selection of subject, recipient, expiration, and least-privilege capabilities before issuing or sending any certificate.
The skill may fail or behave inconsistently if the extra dependencies are missing or not the expected implementations.
The registry declares pilotctl as the required binary, while the skill instructions also rely on jq, openssl, and the pilot-protocol skill/daemon.
openclaw:\n requires:\n bins:\n - pilotctl ... Requires pilot-protocol, pilotctl, jq, and openssl.
Declare all required tools and versions in metadata or installation guidance so users can verify the local environment before running the commands.