Pilot Gossip

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Pilot Gossip is coherent with its stated swarm-replication purpose, but it shares and accepts peer state with little visible validation or containment.

Install only if you understand and trust the Pilot swarm you will use it with. Do not gossip secrets or private data, and add authentication, schema validation, and conflict controls before relying on it for important shared state.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

A user could unintentionally send sensitive or operationally important state to peers whose trust level is not clear from the skill instructions.

Why it was flagged

The skill sends caller-provided state to randomly selected peer addresses; the artifact does not describe peer authentication, allowlisting, or sensitive-data boundaries.

Skill content

PEERS=$(pilotctl --json peers --search "swarm:$SWARM_NAME" | jq -r '.[].address' | shuf -n $FANOUT)
... pilotctl --json send-message "$peer" --data "{\"type\":\"gossip_push\",...\"state\":$STATE_DATA...}"

Recommendation

Only use this with a clearly trusted swarm, define an allowlist or authenticated peer set, and avoid including secrets or private data in gossiped state.

ASI06: Memory and Context Poisoning
Medium
What this means

A mistaken or malicious peer could inject higher-version state that contaminates local shared state and influences later agent behavior.

Why it was flagged

The merge logic accepts received gossip messages based on message type and higher version, with no visible sender verification, signature check, schema validation, or conflict policy.

Skill content

GOSSIP_MSGS=$(pilotctl --json received | jq '[.messages[] | select(.payload.type == "gossip_push")]')
...
if [ "$REMOTE_VERSION" -gt "$MY_VERSION" ]; then
  MY_STATE=$(echo "$MY_STATE $REMOTE_STATE" | jq -s '.[0] * .[1]')

Recommendation

Validate message origin, signatures, schemas, size limits, and conflict rules before merging peer-provided state.

ASI08: Cascading Failures
Low
What this means

Incorrect state may spread beyond the first agent that received it.

Why it was flagged

Repeated fanout to random peers is central to gossip, but it can also amplify bad state if validation is weak.

Skill content

for round in $(seq 1 10); do
  PEERS=$(pilotctl --json peers --search "swarm:$SWARM_NAME" | jq -r '.[].address' | shuf -n 3)
  ... pilotctl --json send-message "$peer" ... &
  sleep 5
done

Recommendation

Use bounded rounds, small fanout, rollback/version policies, and monitoring when testing in a real swarm.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may not realize all local command dependencies needed for the examples to work.

Why it was flagged

The machine-readable requirement lists pilotctl, while the human-readable dependency section also requires jq, shuf, and base64.

Skill content

openclaw:
  requires:
    bins:
      - pilotctl
...
## Dependencies
Requires pilot-protocol skill, jq, shuf, and base64.

Recommendation

Declare all required binaries in metadata or document a clear setup check before use.