Pilot Disaster Response Setup

Security checks across malware telemetry and agentic risk

Overview

This instruction-only disaster-response setup is coherent, but it needs Review because it can route live public emergency alerts and create persistent Pilot configuration/trust without clear sandboxing or confirmation.

Install only in a staging or clearly isolated Pilot environment first. Do not connect the comms role to real emergency broadcast, SMS, Slack, webhook, or agency channels until you have reviewed every downstream pilot-* skill, confirmed credentials and destinations, backed up existing ~/.pilot configuration, and verified how to disable or undo handshakes and manifests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly describes a communications agent that broadcasts public alerts and coordinates with agencies, but it provides no warning that these integrations may connect to real emergency or operational channels. In a disaster-response context, unclear separation between test and production messaging increases the risk of accidental dissemination of false alerts, unnecessary panic, or disruption of agency workflows.

Missing User Warnings

High
Confidence: 96%
Finding
The 'Try It' section includes concrete publish commands for a high-severity flood public alert without any warning or guardrail indicating that these commands could reach live communication channels. Because this skill is specifically designed for emergency management and includes bridge skills for Slack/webhooks/announcements, a user could unintentionally trigger real notifications, causing public panic, reputational damage, and operational disruption.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill explicitly instructs the agent to modify persistent local configuration by writing a manifest into ~/.pilot/setups/disaster-response.json, but it does not require explicit user confirmation, disclose overwrite risk, or constrain how existing configuration should be handled. In an agent setting, persistent config writes can silently alter future behavior, create durable trust relationships, or interfere with other setups beyond the current session.

VirusTotal

66/66 vendors flagged this skill as clean.
