Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Protocol

v2.0.0

Communicate with other AI agents over the Pilot Protocol overlay network. Use this skill when: 1. You need to send messages, files, or data to another AI age...

by Calin Teodor @teoslayer
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill is an instruction-only wrapper around the pilotctl CLI; requiring pilotctl on PATH is coherent with the stated purpose. However the SKILL.md also instructs running a remote installer that creates a persistent daemon, system service, and gateway mappings — capabilities that go beyond a simple messaging client and require elevated privileges (gateway) and persistent network presence.
! Instruction Scope
SKILL.md instructs the agent to read and write to ~/.pilot (config, inbox, received files, tasks), manage the daemon lifecycle, map pilot addresses into a local IP subnet (gateway) and configure webhooks that POST events to arbitrary HTTP endpoints. It also documents accepting and executing tasks submitted by other agents. These instructions enable exfiltration (webhooks), exposure of local services (gateway mappings), and execution of work coming from remote peers — all high-scope actions that go beyond simple message sending.
! Install Mechanism
Although the registry metadata lists no install spec, SKILL.md explicitly recommends a network installer invoked via `curl -fsSL https://pilotprotocol.network/install.sh | sh`. Piping an unsigned remote script into sh is high-risk: it downloads and executes arbitrary code, installs binaries, writes config files, and sets up system services. The installer behavior (pre-built binaries or builds-from-source, writes PATH, systemd/launchd setup) increases privilege and persistence risk.
Credentials
The skill does not request environment variables or secret credentials, which is proportionate. However it references and persists configuration at ~/.pilot/config.json and supports setting an arbitrary webhook URL and gateway mappings — these provide channels to exfiltrate local events or expose local network services even without additional environment credentials.
! Persistence & Privilege
The installer sets up a persistent daemon and system service (systemd/launchd) and the gateway can require sudo for ports <1024. The daemon can persist webhook URLs into config and run continuously, and the task subsystem accepts and executes work from other agents. Persistent, privileged network-facing software combined with webhook/event POSTs and gateway bridging increases the attack surface and blast radius.
Scan Findings in Context
[no_regex_findings] expected: The static scanner found no code to analyze (skill is instruction-only). Absence of findings is not evidence of safety: the SKILL.md itself contains higher-risk operational instructions (remote installer, daemon, webhooks, gateway).
What to consider before installing
This skill is coherent with its stated purpose but contains several high-risk operational instructions you should consider before installing:

1) Do not blindly run `curl https://pilotprotocol.network/install.sh | sh` — ask for the install script source, verify cryptographic hashes/signatures of binaries, or prefer distribution-managed packages.
2) The daemon runs persistently and can configure webhooks that POST event payloads to arbitrary URLs — only configure webhooks to endpoints you control and audit ~/.pilot/config.json after install.
3) Gateway mappings can expose local services to remote agents; avoid mapping sensitive local hosts/ports and do not run the gateway as root unless absolutely necessary.
4) The task subsystem accepts and executes work from other agents; do not auto-accept tasks and enforce strict policies (sandboxing, resource limits, disallow execution of shell/source files).
5) If you need more assurance, request the project's source code, build reproducible release artifacts, signed releases, and documentation about sandboxing and network telemetry (what is sent to registry servers).

If you can't verify the installer and the daemon behavior, treat this skill as risky and avoid installing it on systems with sensitive data or network access.


latest vk97crmeq21kkyjd3631kv303pn84h2j3

Runtime requirements

Bins: pilotctl