Skillv1.0.0

ClawScan security

Pilot Threat Intelligence Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 23, 2026, 6:47 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, required binaries, and actions are consistent with its stated purpose (deploying a 4-agent threat‑intelligence pipeline); it asks for no secrets and is instruction-only, but it will write a local manifest and uses system tools that will install additional components—review those installers and handshake behavior before running.
Guidance: This skill is coherent for deploying a Pilot-based threat-intelligence pipeline, but take these precautions before installing: 1) Verify 'pilotctl' and 'clawhub' are the legitimate, expected binaries on your system and understand what versions/sources they use. 2) The skill runs 'clawhub install' to pull many 'pilot-*' components—inspect those packages (their sources, maintainers, and install steps) before allowing them to be installed. 3) The procedure writes a manifest to ~/.pilot/setups/threat-intelligence.json and performs automatic handshakes that can auto-approve trust between peers—ensure you only handshake with hosts you control/trust. 4) If possible, test the setup in an isolated environment (VM or staging network) first. 5) The registry metadata omitted the declared config path (~/.pilot); consider this a minor metadata mismatch and verify file writes before proceeding.

Review Dimensions

Purpose & Capability: okName/description match the actions in SKILL.md: the skill uses pilotctl and clawhub to install and configure four agent roles and their 'pilot-*' subskills. Requested binaries (pilotctl, clawhub) are exactly the tools the instructions use. Minor inconsistency: SKILL.md writes a manifest to ~/.pilot/setups/threat-intelligence.json but the registry metadata lists no required config paths.
Instruction Scope: noteRuntime instructions are narrowly scoped to installing role-specific pilot-* skills (via clawhub), setting hostnames (pilotctl), writing a manifest in the user's home (~/.pilot/...), and performing peer handshakes/publishes. The instructions do not request secrets or read unrelated system files. Note: the skill instructs the agent to create files under the user's home and to initiate network handshakes (auto-approved trust when both sides handshake), which may have operational security implications—this is expected for a distributed TI setup but should be understood before running.
Install Mechanism: noteThere is no SKILL install spec (instruction-only), which is low-risk for this package itself. However, the instructions invoke 'clawhub install' to fetch many pilot-* components; those installers are external actions not captured here and may download/execute code. The skill does not provide or pin the sources for those pilot-* packages.
Credentials: okThe skill requests no environment variables or credentials. That is proportionate to the described purpose. It will, however, perform network operations (handshakes, publishes, and outbound feeds) as part of normal operation—no hidden credential access is requested by the skill itself.
Persistence & Privilege: okalways: false and autonomous invocation defaults are unchanged. The skill instructs creating a manifest under ~/.pilot (per-user), and it triggers installation of other skills via clawhub; it does not request system-wide privileges or modify other skills' configurations directly. These actions are consistent with setup behavior.