Back to skill
Skillv1.0.0
ClawScan security
Pilot Service Agents Health · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 2:26 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions align with its stated purpose of querying public health data via the Pilot Protocol; nothing requested appears disproportionate or unrelated.
- Guidance
- This skill appears coherent and focused on querying public health agents over the Pilot Protocol. Before installing, verify you trust the pilotctl binary and the Pilot Protocol daemon you will join (network 9), since network membership can expose metadata and allow agent-to-agent messaging. Inspect the pilot-protocol and pilot-service-agents core skills (and any 'list-agents' directory agent) to confirm they come from trusted sources. Do not use this skill for PHI or giving medical advice; when using /summary note that the agent may produce LLM-generated prose (confirm where that LLM runs and whether data is sent to an external service if that matters to you).
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instructions: all operations use the pilotctl CLI and Pilot Protocol network to discover and query health-data agents. Requiring pilotctl and the pilot-protocol core skill is appropriate for this functionality.
- Instruction Scope
- okSKILL.md only instructs the agent to use pilotctl to list agents, read agent contracts (/help), send /data and /summary requests, and read the protocol inbox. It does not ask for unrelated files, system credentials, or private data; it explicitly forbids PHI and medical-advice usage.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — lowest-risk install footprint. It assumes an existing pilotctl binary on PATH and a running Pilot Protocol daemon, which is reasonable for the declared protocol integration.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. This is proportionate given it communicates via the pilotctl CLI and relies on the daemon/overlay for connectivity.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request persistent or elevated system privileges. It does not modify other skills' configuration or require system-wide changes.