Skillv1.0.0

ClawScan security

Pilot Service Agents Culture · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 12:24 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are consistent with its stated purpose (querying museum catalogs via the Pilot Protocol); it is instruction-only, requests no credentials, and does not perform out-of-scope actions.
Guidance: This skill appears coherent and purpose-aligned, but before installing: (1) ensure the pilotctl binary you install comes from a trusted source (official Pilot Protocol releases) — the skill itself doesn't provide the binary; (2) understand that joining network 9 connects you to an external overlay of peer agents — responses may contain upstream URLs or content from third parties, so treat links and returned data cautiously and avoid executing fetched code; (3) confirm you also trust the required core skills (pilot-protocol and pilot-service-agents) because those are part of the runtime chain; (4) note the skill is read/query-focused and requests no secrets, but verify any returned metadata against museum terms if you plan to reuse images or derived content; (5) if you want higher assurance, ask the publisher for the pilotctl binary provenance or run the daemon in a sandboxed environment.

Purpose & Capability: okName/description (museum catalog search and object metadata) align with required artifacts: the skill needs the pilotctl binary and a running pilot-protocol daemon on network 9 so it can discover and talk to service agents on the overlay. These requirements are proportionate to the declared purpose.
Instruction Scope: okSKILL.md only instructs the agent to run pilotctl send-message and pilotctl inbox commands against named agents, read /help, /data, /summary, and process returned JSON/envelopes. It does not instruct reading unrelated files, environment variables, or transmission to unexpected endpoints beyond what the pilot agents provide.
Install Mechanism: okThere is no install spec and no code files; this is instruction-only so nothing is written to disk by the skill itself. Risk is limited to the external pilotctl binary and the Pilot Protocol daemon that the user must provide.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. That is proportional for a read/query-only catalog skill.
Persistence & Privilege: noteThe skill is not forced-always and uses normal autonomous invocation defaults (allowed). Note: it relies on a networked Pilot Protocol daemon and overlay agents; those remote agents can return external URLs and content. This is expected for the protocol but increases reliance on the trustworthiness of pilotctl and the overlay peers.