Pilot Github Bridge
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is purpose-aligned, but it exposes a public webhook-to-agent bridge that can trigger other agents without documented authentication, signature validation, or lifecycle controls.
Review before installing or using. This skill fits its GitHub-to-Pilot bridge purpose, but do not expose the relay publicly until you have verified GitHub webhook signatures, limited which repositories and event types can trigger agents, reviewed the relay server code, and added clear start/stop controls.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the relay accepts spoofed or unauthorized requests, outside parties could cause Pilot agents to receive fake repository events and potentially trigger automated workflows.
The workflow exposes a public relay and subscribes Pilot agents to GitHub events, but the artifacts do not show authentication, GitHub webhook signature validation, or subscriber permission boundaries.
pilotctl --json daemon start --hostname github-relay --public
python3 github_relay_server.py &
...
pilotctl --json subscribe localhost github-events
Only deploy the relay with verified GitHub webhook signatures, TLS, restricted network access, clear subscriber permissions, and logging of event origins.
Repository events may automatically start builds or reviews, consuming resources or activating workflows without further human confirmation.
The skill intentionally uses webhook-derived data to send messages to other agents. This matches the stated CI/CD bridge purpose, but it is still automation that can cause downstream actions.
[ "$BRANCH" = "main" ] && pilotctl --json send-message ci-builder --data "{\"action\":\"build\",\"repo\":\"$REPO\"}"
...
[ "$ACTION" = "opened" ] && pilotctl --json send-message code-reviewer --data "{\"repo\":\"$REPO\",\"pr\":$(echo "$EVENT" | jq -r '.number')}"
Keep downstream agent actions scoped, require approvals for high-impact operations, and filter events by repository, branch, sender, and action type.
Users must obtain or write the relay server separately, and an unsafe relay implementation could mishandle webhook payloads or authentication.
The instructions depend on an external relay server script, but no such code is included in the provided artifact set for review.
# Start HTTP relay (external Python server)
python3 github_relay_server.py &
Review the relay server code before running it, pin its source/version, and ensure it validates GitHub webhook signatures before forwarding events.
The bridge may keep listening and processing events until the user manually stops it, including after the original task is complete.
The workflow starts background services and an indefinite event loop. This is expected for a webhook bridge, but the artifact does not include shutdown or cleanup guidance.
pilotctl --json listen 1005 &
...
python3 github_relay_server.py &
...
while true; do EVENT=$(pilotctl --json recv 1005 --timeout 120s)
Run it under a supervised service with explicit start/stop commands, least-privilege permissions, and documented cleanup steps.
