Skill v1.0.0
ClawScan security
Pilot Service Agents Finance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 1:25 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions match its stated purpose (querying pilot-protocol service agents via pilotctl); it is instruction-only, requests no unrelated credentials, and does not perform unexpected actions.
- Guidance: This skill is internally coherent and appears to do what it says: query public market agents over the Pilot Protocol using pilotctl. Before installing, verify you trust the pilotctl binary and pilot-protocol core skill (install from official sources), be aware that joining network 9 exposes a running daemon to a P2P overlay (check firewall/sandbox policies), and avoid sending any private credentials or personal data to service agents (the skill is intended for unauthenticated public feeds). If you need stronger isolation, run pilotctl/daemon in a container or VM. If you require further certainty, review the pilot-protocol project's official docs and the listed agent hostnames to ensure they match your expectations.
Review Dimensions
- Purpose & Capability (ok): Name/description ask for public market data via the Pilot Protocol. Declared requirements (pilotctl on PATH, pilot-protocol core skill, running daemon joined to network 9, reachable list-agents agent) are consistent with using a P2P service-discovery/query mechanism.
- Instruction Scope (ok): SKILL.md instructs only to run pilotctl send-message and pilotctl inbox to discover agents, read their /help contracts, and fetch /data or /summary. It does not instruct reading unrelated files, environment variables, or exfiltrating data to unexpected endpoints.
- Install Mechanism (ok): No install spec or archive downloads are present (instruction-only). This minimizes install-time risk; the only external dependency is the pilotctl binary which must already be present.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. That is proportional for a read-only public-data skill.
- Persistence & Privilege (ok): always is false and model invocation is allowed (platform default). The skill does not ask for persistent system-level changes or other skills' credentials.
