Skill v1.0.0
ClawScan security
Pilot Compliance Governance Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 9:30 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions generally match its stated purpose (deploying a 4-agent compliance stack), but it asks you to install many third-party pilot-* skills and to establish automated trust/bridge connections without declaring credentials or provenance, which increases attack surface and could expose audit data to external endpoints.
- Guidance: This skill appears to do what it says (set up four governance agents) but you should be cautious before running it. Key actions to take before installing: 1) Verify the provenance and integrity of the pilotctl and clawhub binaries (are they from a trusted, signed source?). 2) Inspect the specific pilot-* packages clawhub will install — each may request external credentials or add network connectors. 3) Plan where signing keys and any webhook/slack credentials will be stored and who can access them; the skill does not declare these needs. 4) Be careful when executing the handshake steps: automated trust between agents can expose data flows if endpoints are compromised. 5) If possible, test the setup in an isolated environment or staging cluster first. Providing the actual URLs/repositories for the pilot-* packages, a list of expected credential names for connectors, and details on where keys are stored would raise my confidence and could change this assessment to benign.
Review Dimensions
- Purpose & Capability
- note: Name/description align with the actions in SKILL.md: installing agent roles, setting hostnames, writing a manifest, and performing handshakes via pilotctl. Required binaries (pilotctl, clawhub) are appropriate. However, the skill instructs installing multiple connector/bridge skills (e.g., pilot-slack-bridge, pilot-webhook-bridge) that will likely need external credentials which this skill does not declare or surface.
- Instruction Scope
- concern: The SKILL.md tells the agent to install many other skills, write a manifest to ~/.pilot/setups/compliance-governance.json, and perform automated handshakes that auto-approve trust once both sides send a handshake. The document also enables external data flows (webhook/Slack bridges). These are coherent with a governance setup but expand the runtime scope substantially and could result in sensitive audit data being forwarded externally if connectors are misconfigured or credentials are provided to those installed skills.
- Install Mechanism
- note: Instruction-only skill (no install spec, no code), which is low risk by itself. However, it requires running clawhub install to fetch many pilot-* skills; the security depends entirely on the provenance and contents of those packages installed by clawhub (not visible here).
- Credentials
- concern: The skill declares no required environment variables or credentials, yet it instructs installing connectors that normally require external credentials (Slack tokens, webhook endpoints) and a certifier role that manages signing keys. Not declaring these expected credentials is an omission that obscures where secrets will be provided or stored and prevents users from assessing privilege needs up front.
- Persistence & Privilege
- note: always is false and the skill does not itself request persistent platform-wide privileges. That said, it instructs installing multiple persistent skills and writing a setup manifest into the user's home directory, and it guides creation of automated peer handshakes which grant trust between agents — so the overall deployment results in persistent, interconnected services. This combination increases blast radius if any installed skill is malicious or misconfigured.
