Skill v1.0.0

ClawScan security

Pilot Service Agents Weather · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 6:45 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions match its stated purpose (weather data via Pilot Protocol agents) and nothing requested appears disproportionate or unrelated.
Guidance
This skill is internally consistent: it simply tells the agent to use pilotctl to query Pilot Protocol 'weather' agents. Before installing, confirm you trust the pilotctl binary and the Pilot Protocol daemon you will join (network 9), since queries (coordinates, filters) and agent responses will traverse that overlay and may disclose location or query content to remote agents/upstreams. Also verify the origin of pilotctl (official release) and the pilot-protocol and pilot-service-agents core skills referenced. If you are uncomfortable joining an overlay or exposing coordinate data, do not install or run this skill.

Review Dimensions

Purpose & Capability
ok: The skill is an instruction-only adapter that calls Pilot Protocol agents (Open-Meteo, Seven Timer) via the pilotctl CLI. Requiring pilotctl and a running pilot-protocol daemon joined to network 9 is coherent with the described functionality.
Instruction Scope
note: SKILL.md instructs the agent to send messages to overlay agents and read replies from pilotctl's inbox. This stays within the weather-data purpose, but it does require joining and communicating over the Pilot Protocol overlay (network 9). Be aware queries (coordinates, filters) and returned metadata (including upstream_url) are transmitted over that network.
Install Mechanism
ok: No install spec or code files — instruction-only. Nothing is downloaded or written by the skill itself, so install risk is minimal.
Credentials
ok: No environment variables, secrets, or config paths are requested. The single binary dependency (pilotctl) is directly relevant to the skill's function.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable; it does not request elevated or permanent platform privileges and does not modify other skills' configs.