Skill v1.0.0
ClawScan security
Pilot Dropbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 2:19 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions implement a peer-synced shared folder as described, but the SKILL.md relies on additional command-line tools and behaviors that are not declared in the registry metadata, and the skill will actively read, write, watch, and transmit local files to peers; verify dependencies and peer trust before use.
- Guidance
- This skill appears to implement the shared-folder behavior it claims, but you should:
  1) verify that pilotctl and the pilot-protocol implementation come from a trusted source;
  2) ensure the system has jq, md5sum (coreutils), and a file watcher (fswatch or inotifywait) installed; the registry metadata does not declare these dependencies;
  3) only join peers/topics you trust, because the skill will transmit local files to remote peers via pilotctl;
  4) test the workflow in an isolated or non-sensitive directory before pointing it at important data;
  5) consider running the watcher under a dedicated user or container to limit blast radius; and
  6) if you expect stricter consistency or access controls, prefer the other alternatives listed in the SKILL.md (pilot-sync / pilot-stream-data) or inspect pilotctl's auth model first.
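One way to act on items 1 and 2 of the guidance above is a preflight that resolves every binary the SKILL.md reportedly uses and refuses to start the watcher if any is missing. The script below is an added example written for this review page; it is not code from the Pilot Dropbox skill, ClawHub, or pilotctl. The dependency list is taken from the scanner's notes, and the PILOT_DROPBOX_PREFLIGHT variable and the function names are this example's own.

```shell
#!/bin/sh
# Preflight check for an instruction-only skill: confirm that every binary the
# SKILL.md actually invokes is on PATH before any watcher is started.
# Added example for this review page; not part of the Pilot Dropbox skill or
# of ClawHub. The dependency list is taken from the scanner's notes; how
# pilotctl itself is invoked is out of scope here.

# Space-separated entries are all required; alternatives within one entry are
# separated by '|' and at least one of them must resolve.
PILOT_DROPBOX_DEPS="pilotctl jq md5sum fswatch|inotifywait cp rm mkdir"

# resolve_path "a|b|c" -> prints the path of the first alternative found on
# PATH and returns 0; prints nothing and returns 1 if none resolves. Printing
# the path lets you spot a binary shadowed earlier on PATH than you expect.
resolve_path() {
    _alts=$1
    while [ -n "$_alts" ]; do
        _bin=${_alts%%|*}
        if _path=$(command -v "$_bin" 2>/dev/null); then
            printf '%s\n' "$_path"
            return 0
        fi
        # stop after the last alternative (no '|' left to strip)
        [ "$_bin" = "$_alts" ] && break
        _alts=${_alts#*|}
    done
    return 1
}

# check_deps "dep1 dep2|alt ..." -> one line per entry ("ok <entry> <path>" or
# "missing <entry>"); returns 0 only if every entry resolved.
check_deps() {
    _rc=0
    for _dep in $1; do
        if _found=$(resolve_path "$_dep"); then
            printf 'ok %s %s\n' "$_dep" "$_found"
        else
            printf 'missing %s\n' "$_dep"
            _rc=1
        fi
    done
    return $_rc
}

# missing_count "..." -> number of unresolved entries, for scripting.
missing_count() {
    check_deps "$1" | grep -c '^missing ' || true
}

# Run the preflight only when asked (PILOT_DROPBOX_PREFLIGHT=1) so the file
# can also be sourced for its functions.
if [ "${PILOT_DROPBOX_PREFLIGHT:-0}" = "1" ]; then
    if check_deps "$PILOT_DROPBOX_DEPS"; then
        echo "all dependencies resolved; review the paths above, then proceed"
    else
        echo "refusing to start the watcher until the missing tools are installed" >&2
        exit 1
    fi
fi
```

Run it as `PILOT_DROPBOX_PREFLIGHT=1 sh preflight.sh` under the same PATH the agent will use. The printed paths show which pilotctl would actually execute, which matters if more than one copy is installed. The check only confirms that a binary resolves; whether that pilotctl comes from a trusted source still has to be established separately, as item 1 of the guidance says.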
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (a Dropbox-like shared folder over Pilot Protocol) matches the runtime actions (subscribe, publish, send-file). However, the registry metadata only declares pilotctl as a required binary, while the SKILL.md uses jq, md5sum (coreutils), fswatch or inotifywait, and common file utilities (cp, rm, mkdir). These additional binaries are necessary for the instructions to work but are not declared.
- Instruction Scope
- note: Instructions explicitly read/write files under $HOME/pilot-dropbox, compute hashes, watch the directory, and send/receive files via pilotctl (publish/subscribe/send-file). That behavior is coherent with a shared-folder skill, but it grants the skill the ability to transmit local files to peers and to run a background watcher process. There are no instructions that attempt to read unrelated system files or environment variables, but the SKILL.md gives broad discretion about which PEER/TOPIC to use; selecting untrusted peers could leak data.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec, so it does not download or install code. That reduces installer risk, but it also means the skill assumes the required tools are already present on PATH; the manifest should list all of them.
- Credentials
- note: No environment variables or credentials are requested by the skill, which is proportionate. However, pilotctl itself likely depends on the user's Pilot Protocol configuration/credentials (not declared here). The skill will cause files to be sent to peers via pilotctl, so the real access control depends on the underlying pilotctl/pilot-protocol configuration and the peers you connect to.
- Persistence & Privilege
- ok: The skill does not request always:true and does not modify other skills or system-wide agent settings. It instructs running background watcher processes in the user's session (normal for a sync tool) but does not attempt to persist as a system service in its instructions.
