Back to skill
Skillv1.0.0
ClawScan security
Pilot Escrow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 9, 2026, 2:19 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are consistent with an escrow workflow using the pilotctl CLI, but there are minor documentation/declared-requirement gaps you should verify before use.
- Guidance
- This skill appears to do what it says: use pilotctl to create and manage escrow messages on the pilot-protocol network. Before installing or running it: 1) Confirm you have pilotctl, jq, and sha256sum (or equivalent) installed—SKILL.md uses them but they aren't fully declared in the registry metadata. 2) Understand that you (or the agent) must supply variables like ESCROW_AGENT, EXECUTOR_ADDR, REWARD, TASK_SPEC, ARBITER_ADDR, RESULT, and ESCROW_ID; these are not automatically provided. 3) Only point ESCROW_AGENT at a trusted escrow node—the skill will send task results and other data to that agent. 4) Review the AGPL-3.0 license implications for your use case. 5) If you need stronger guarantees, request that the skill explicitly declare all required binaries and any environment assumptions, and consider limiting what data is sent as the RESULT payload. If any of these items are unclear or the escrow agent is untrusted, treat the skill with caution.
Review Dimensions
- Purpose & Capability
- okThe name/description (pilot escrow for task payouts) aligns with the actions in SKILL.md: creating escrows, submitting proofs, disputing, and releasing funds via the pilotctl CLI on the pilot-protocol network.
- Instruction Scope
- noteThe runtime instructions operate entirely via pilotctl (send-message, peers, inbox, info) which is expected. They do reference several shell variables ($ESCROW_AGENT, $EXECUTOR_ADDR, $REWARD, $TASK_SPEC, $ARBITER_ADDR, $RESULT, $ESCROW_ID) that are not declared by the skill—these must be provided by the caller. The instructions also send task results (the $RESULT payload and its hash) to an escrow agent; that is expected for an escrow but means you must trust the escrow agent endpoint. SKILL.md uses jq and sha256sum but the registry's required-binaries only lists pilotctl (see environment_proportionality/installation notes).
- Install Mechanism
- okInstruction-only skill with no install spec or code files; this is low-risk from an installation perspective because nothing is downloaded or written by the skill itself.
- Credentials
- noteThe skill requests no credentials or config paths, which is appropriate. It does call `pilotctl --json info` to read the local pilot address (needed to identify the requester). However, SKILL.md expects tools (jq, sha256sum) that are not declared in the registry required-binaries list—ensure these are available. Also be aware that arbitrary data (RESULT) will be transmitted to the escrow agent; no secrets are requested by the skill itself, but sensitive data could be sent if provided as input.
- Persistence & Privilege
- okalways is false and the skill is user-invocable only. The skill does not request persistent installation or modification of other skill/system configurations.