Skillv1.0.0

ClawScan security

Pilot Etl Data Pipeline Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 22, 2026, 11:33 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match its stated purpose, but it omits and relies on other components that will need sensitive credentials and external installs (via clawhub) which are not declared — this gap and the transitive install/handshake behavior merit caution.
Guidance: This skill is coherent for setting up a Pilot ETL pipeline but take these precautions before installing: 1) Verify pilotctl and clawhub are obtained from trusted sources and understand how clawhub resolves packages (review its registry/sources). 2) Review each transitively installed skill (pilot-s3-bridge, pilot-database-bridge, pilot-webhook-bridge, pilot-slack-bridge, etc.) to see what credentials and network access they require and how they store/use secrets. 3) Be cautious with handshakes — only exchange trust with known hosts and test in a staging environment first. 4) Inspect the created manifest (~/.pilot/setups/etl-data-pipeline.json) before allowing it to operate. 5) Ensure egress/network policies and logging are in place so bridges that forward data or call external webhooks cannot exfiltrate sensitive data unnoticed.

Review Dimensions

Purpose & Capability: okThe name, description, and required binaries (pilotctl, clawhub) align with deploying Pilot protocol agents and installing agent skills. The listed roles, manifests, and commands are coherent for setting up a 5-stage ETL pipeline.
Instruction Scope: noteSKILL.md stays within ETL setup scope (install skills with clawhub, set hostnames with pilotctl, write a manifest to ~/.pilot/setups/etl-data-pipeline.json, and perform handshakes). It instructs sending files and publishing messages (pilotctl send-file/publish), which will move data — expected for this task. However, it does not mention how to provision required credentials (S3, DB, Slack, webhook endpoints) that many referenced bridges will need before they function.
Install Mechanism: noteThis is instruction-only (no install spec), which is lower direct risk. However it directs use of 'clawhub install' to fetch and install many transitively referenced skills (pilot-s3-bridge, pilot-slack-bridge, etc.). The SKILL.md does not document where clawhub pulls packages from or how to verify them, so the security of those transitive installs depends entirely on clawhub and the package sources.
Credentials: concernThe skill declares no required environment variables, yet the pipeline components it installs (S3 bridge, database bridge, webhook/slack bridges) will require secrets and network access (S3 keys, DB credentials, Slack tokens, webhook URLs). Not declaring or prompting for these credentials is an omission: the skill will cause you to install components that need sensitive credentials without explaining how they are handled.
Persistence & Privilege: noteThe skill writes a manifest to ~/.pilot/setups/etl-data-pipeline.json (normal for config). always:false and default autonomous invocation are set (no special permanent privilege). The handshake workflow auto-approves trust once both sides exchange handshakes — this is expected for the Pilot protocol but can unintentionally broaden trust if hostnames or peers are mis-specified.