Skill v1.0.0
ClawScan security
Pilot Service Agents Reference · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 4:29 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it only documents how to use the pilotctl CLI to query small public reference agents and does not request credentials, install code, or ask for unrelated system access.
- Guidance: This skill appears safe and coherent for lookups, but it depends on the pilotctl binary and a running Pilot Protocol daemon joined to network 9. Before installing, verify you trust the source of pilotctl and the daemon (confirm binary provenance, version, and checksums), and be comfortable joining network 9 because agent queries traverse that overlay. Avoid sending secrets or sensitive credentials in queries (agents and returned upstream_url fields may point to external endpoints), and consider running pilotctl/daemon in a sandbox or isolated environment if you are unsure about network exposure.
Review Dimensions
- Purpose & Capability (ok): The name/description claim lightweight lookups and the SKILL.md only requires pilotctl and a running pilot daemon on network 9 to discover and query small reference agents. Requiring pilotctl/daemon is proportional to that purpose.
- Instruction Scope (ok): Runtime instructions are explicit about running pilotctl commands (send-message, inbox, list-agents) and reading agent responses. The instructions do not ask the agent to read local files, environment variables, or transmit unrelated data. They do not grant broad discretionary actions to the agent.
- Install Mechanism (ok): No install spec or downloaded artifacts are present; this is instruction-only, so nothing will be written to disk by the skill itself. Risk depends on the existing pilotctl binary (outside the skill).
- Credentials (ok): No environment variables, credentials, or config paths are requested. The declared requirements (pilotctl and a joined daemon) align with the described functionality.
- Persistence & Privilege (ok): always:false and default model invocation settings are used. The skill does not request permanent presence or modify other skills' config. Autonomous invocation is allowed but is the platform default and not excessive here.
