Pilot Reputation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is broadly aligned with Pilot Protocol reputation analytics, but users should be aware that it uses Bash, stores local peer snapshots on disk, and includes an optional continuous tracking loop.
This skill appears safe to install as an instruction-only analytics helper, but treat its Bash snippets as commands that can create persistent local data. Only run the continuous tracking loop intentionally, protect or delete collected snapshots as needed, and make sure required tools such as pilotctl and jq come from trusted sources.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent can run local shell commands that read Pilot data and create files in the user's home directory.
The skill gives the agent Bash-based workflows for calling pilotctl, jq, find, and file redirection. This is expected for the stated analytics purpose, but it means the user should review shell commands before running them.
allowed-tools:
  - Bash
Run the commands only for intended reputation-tracking tasks and review any Bash command before approving execution.
Local reputation snapshots may reveal peer relationships, hostnames, addresses, and score history to anyone with access to the user's files.
The snapshot command persists local agent identity details and peer reputation data. This is aligned with reputation trend tracking, but it creates a stored local history of network information.
"local_agent": $(pilotctl --json info | jq '{hostname, address, polo_score}'),
"peers": $(pilotctl --json peers)
Store snapshots in a protected location, delete old data when no longer needed, and avoid collecting peer data if it is sensitive.
A continuously running tracker can accumulate files over time and keep collecting peer data until stopped.
The workflow example is a long-running collection loop. It is disclosed and purpose-aligned, but it can continue writing snapshots indefinitely if the user runs it.
while true; do
  cat > "$REPO_DIR/data/snapshot-$(date +%s).json" <<EOF
{"timestamp":"$(date -u +%Y-%m-%dT%H:%M:%SZ)","peers":$(pilotctl --json peers)}
EOF
  sleep 300
done
Run the continuous workflow only when needed, monitor it, stop it explicitly, and consider adding retention limits or scheduled cleanup.
The skill may fail or prompt ad hoc installation of missing tools if jq or bc are not already present.
SKILL.md documents dependencies beyond pilotctl, while the registry requirements only declare pilotctl. This is not malicious, but users may need undeclared local tools.
Requires pilot-protocol, pilotctl, jq, and bc.
Install any missing dependencies from trusted sources and prefer metadata that fully declares required binaries.
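The two recommendations above (bound and explicitly stop the snapshot loop; check for jq and bc before running) can be combined into a small wrapper. The script below is an added example written for this review, not code shipped by the skill or by Pilot Protocol: it keeps the skill's snapshot file naming and JSON shape, but adds an up-front dependency check, a data directory and files created with owner-only permissions, a retention cap on the number of snapshots, and a loop that exits on SIGINT/SIGTERM or after an optional round limit. The PILOTCTL variable and the stub_pilotctl function are assumptions introduced so the functions can be exercised offline; the peer list the stub prints is constructed and does not reflect real pilotctl output. The default retention of 288 snapshots (one day at the skill's 300 s interval) is also a choice made here.

```sh
#!/bin/sh
# Added example for the Pilot Reputation review; not the skill's own code.
set -eu

# Hypothetical override so the loop can be tested against a stub; unset it
# (or leave it at the default) to call the real pilotctl binary.
PILOTCTL="${PILOTCTL:-pilotctl}"

# Constructed stand-in for "pilotctl --json peers"; the field names and
# values are invented for this example.
stub_pilotctl() {
    printf '[{"hostname":"peer-a","address":"10.0.0.2"}]\n'
}

# Fail early with one clear message instead of an ad hoc install prompt
# mid-run. Returns 0 when every named tool is available, 1 otherwise.
check_deps() {
    missing=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf 'missing dependency: %s\n' "$tool" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Snapshot directory readable and listable only by the current user.
init_data_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# Write one snapshot in the skill's format. The umask in the subshell makes
# the file mode 600 from the moment it is created, so peer hostnames and
# addresses are never world-readable. Second argument overrides the epoch
# timestamp used in the file name (handy for tests); prints the path.
write_snapshot() {
    dir="$1"; ts="${2:-$(date +%s)}"
    ( umask 077
      printf '{"timestamp":"%s","peers":%s}\n' \
          "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$("$PILOTCTL" --json peers)" \
          > "$dir/snapshot-$ts.json" )
    printf '%s\n' "$dir/snapshot-$ts.json"
}

# Keep only the newest $2 snapshots in $1; prints how many were deleted.
# Epoch-second file names of equal length sort oldest-first as a glob.
prune_snapshots() {
    dir="$1"; keep="$2"; deleted=0
    set -- "$dir"/snapshot-*.json
    [ -e "$1" ] || { printf '0\n'; return 0; }
    while [ $# -gt "$keep" ]; do
        rm -f -- "$1"
        deleted=$((deleted + 1))
        shift
    done
    printf '%s\n' "$deleted"
}

# Collector loop: run_tracker DIR [INTERVAL] [KEEP] [ROUNDS]
# Stops cleanly on SIGINT/SIGTERM (sleep runs in the background so the
# trap can interrupt it), after ROUNDS iterations when ROUNDS > 0, and
# prunes after every write so disk use stays bounded. Prints rounds done.
run_tracker() {
    dir="$1"; interval="${2:-300}"; keep="${3:-288}"; rounds="${4:-0}"
    done_rounds=0
    running=1
    trap 'running=0' INT TERM
    init_data_dir "$dir"
    while [ "$running" -eq 1 ]; do
        write_snapshot "$dir" >/dev/null
        prune_snapshots "$dir" "$keep" >/dev/null
        done_rounds=$((done_rounds + 1))
        if [ "$rounds" -gt 0 ] && [ "$done_rounds" -ge "$rounds" ]; then
            break
        fi
        sleep "$interval" & wait $! || true
    done
    printf '%s\n' "$done_rounds"
}

# Only start collecting when explicitly asked (invoke as: sh tracker.sh run).
if [ "${1:-}" = "run" ]; then
    check_deps "$PILOTCTL" jq bc
    run_tracker "${REPO_DIR:-$HOME/.pilot-reputation}/data" 300 288
fi
```

Sourcing the file defines the functions without starting anything; passing `run` starts the loop, and Ctrl-C or `kill` on the process ends it after the current snapshot is written rather than leaving a half-written file. Retention is by count rather than age so the bound holds even if the clock jumps.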
