Skillv1.0.0

ClawScan security

Pilot Load Balancer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 9, 2026, 5:23 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior broadly matches a load‑balancer description, but the runtime instructions are vague and inconsistent with the declared requirements (undeclared tooling, undefined variables, and file usage), so proceed with caution.
Guidance: This skill appears to implement load‑balancing via the pilotctl CLI and is not inherently malicious, but there are a few issues to check before use: - Ensure pilotctl is a trusted binary and pilot-protocol skill is safe; pilotctl performs network actions. - SKILL.md lists jq and uuidgen as dependencies but the registry only requires pilotctl — install and confirm jq/uuidgen are present. - Provide or validate the variables the scripts expect (TASK_ID, WORKER_COUNT, WORKER_STATUS) to avoid the agent making unsafe assumptions. - Review and sanitize the payloads sent with pilotctl --send-message and validate worker addresses to avoid sending sensitive data to unintended peers. - Be aware the script writes /tmp/load-balancer-index.txt (possible race conditions or cross-user interference); consider using a safer state store or a per-agent path. - If you need stronger assurances, request the publisher add explicit required binaries and example environment/inputs to SKILL.md or test in an isolated environment first.

Purpose & Capability: okName/description and commands revolve around distributing tasks via the pilotctl CLI and health-aware selection; requiring pilotctl and pilot-protocol is coherent with the stated purpose.
Instruction Scope: concernThe SKILL.md instructs the agent to read/write /tmp/load-balancer-index.txt and to call pilotctl send-message to peer addresses (network activity) which is within purpose but potentially impactful. The instructions reference several undeclared variables (TASK_ID, WORKER_COUNT, WORKER_STATUS) and do not define how those are provided, giving the agent broad discretion. The docs are also vague about validation of worker addresses and what payloads are acceptable.
Install Mechanism: noteThis is instruction-only (no install spec) which reduces disk-write risk. However SKILL.md declares additional dependencies (jq, uuidgen) that are not listed in the registry's required binaries — an inconsistency that could cause runtime failures or surprise about needed tooling.
Credentials: okThe skill requests no environment variables or credentials, which is proportionate. It does read/write a local file under /tmp for index state; that behavior is reasonable for a simple balancer but should be noted for multi-user or privileged environments.
Persistence & Privilege: okalways:false and no install steps or config changes are requested. The skill does not request persistent presence or elevated agent-wide privileges.