Skillv1.0.0

ClawScan security

Pilot Financial Trading Desk Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 23, 2026, 12:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, required binaries, and behavior are consistent with its stated purpose of deploying a four-agent trading desk; no disproportionate privileges or hidden installs were found, though you should review downstream skills (especially anything that interfaces with exchanges) and note the manifest path the skill writes to.
Guidance: This skill appears to do what it claims: it uses pilotctl and clawhub to install and configure four agents and writes a local manifest. Before installing, ensure pilotctl and clawhub are legitimate/trusted binaries on your system, and be aware that the executor role (pilot-webhook-bridge) will typically require exchange credentials and network access — review and restrict who/what can perform handshakes and accept trust to avoid exposing trading authority. Consider testing in an isolated environment, back up existing ~/.pilot configs, and review the downstream pilot-* skill packages (especially any that interact with external APIs) before providing any secrets or deploying to production.

Review Dimensions

Purpose & Capability: noteName/description align with the requested binaries (pilotctl, clawhub) and the actions in SKILL.md (installing pilot-* skills, setting hostnames, handshakes). Minor mismatch: the metadata declares no required config paths, but the instructions write a manifest to ~/.pilot/setups/financial-trading-desk.json — this is reasonable for a setup skill but is an undeclared filesystem write to the user's home.
Instruction Scope: noteSKILL.md stays within the expected scope: it installs role-specific skills via clawhub, sets hostnames with pilotctl, writes a manifest, and instructs peer handshakes. Caveats: the handshake flow relies on auto-approved trust when both sides exchange handshakes (a security consideration for production deployments) and the executor role implies later interaction with exchange APIs (not performed by this skill but enabled by installing pilot-webhook-bridge).
Install Mechanism: okInstruction-only skill with no install spec and no code files — lowest-risk install surface. It calls existing CLIs (pilotctl, clawhub) which is consistent with its purpose.
Credentials: noteThe skill itself requests no environment variables or credentials, which is proportional. However, it installs other pilot-* skills (not included here) that likely require exchange API keys or other secrets (e.g., pilot-webhook-bridge). You should review those downstream skills before supplying credentials.
Persistence & Privilege: okalways:false and disable-model-invocation:false (defaults) — no elevated persistent privilege requested. The only persistent action is writing a manifest to ~/.pilot/setups/, which is appropriate for a setup utility but should be acknowledged.