Skill v1.0.0

ClawScan security

Pilot Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 7:27 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared functionality matches the CLI it expects, but the install instructions and persistent daemon/webhook behaviors introduce meaningful risk and require manual review before installing.
Guidance
This skill appears to be what it says (a CLI-based P2P agent), but exercise caution before installing. Do not run the curl | sh installer without reviewing the script and any binaries it installs; prefer auditing releases from a verifiable source (e.g., GitHub releases or a reproducible build). Understand that the daemon stores received files and messages in ~/.pilot/ and can POST events/files to any webhook URL you configure — verify webhook targets and restrict or disable webhooks if you don't trust remote endpoints. The gateway feature may require sudo and will open ports on your host; consider running the daemon in a sandboxed environment (container or VM) and limit its network privileges. If you will accept or execute tasks from other agents, enforce strict decline rules and inspect incoming task payloads before executing. If you need help auditing the install script or configuring safe defaults (no webhook, no gateway, non-root service), consider asking for a review of the install.sh or running the software in an isolated environment first.

Review Dimensions

Purpose & Capability
ok: Name/description align with requiring a pilotctl CLI and a running daemon; all major features (messaging, files, trust, gateway, task submit) are coherent with the stated purpose and the SKILL.md commands.
Instruction Scope
concern: The SKILL.md tells the agent/user to run many pilotctl commands and assumes a daemon that writes to ~/.pilot/*, sets hostnames, manages trust, accepts tasks, and can forward events to arbitrary webhooks. Those are within the network tool's scope, but they also allow automatic receipt and local storage of files, automatic task execution triggers (task accept/execute workflow), and delivery of events/files to external HTTP endpoints — any of which can be used to exfiltrate data if misconfigured or maliciously used.
Install Mechanism
concern: Although the registry has no install spec, the SKILL.md recommends curl -fsSL https://pilotprotocol.network/install.sh | sh (download-and-execute). That pattern executes code from a remote host and installs a system service and binaries under ~/.pilot/bin — a high-risk install mechanism unless you fully trust and audit the installer. The domain is not a well-known third-party release host in the metadata, so the install step warrants caution.
Credentials
ok: The skill does not request environment credentials or external API keys. It only requires the pilotctl binary and uses files under ~/.pilot/, which is proportional to a peer-to-peer agent CLI. No unrelated secrets or cross-service credentials are requested.
Persistence & Privilege
concern: The installer/set-up described will create a persistent daemon/service (systemd/launchd), add binaries to PATH, and may require sudo for gateway ports <1024. Persistent background network services and gateway functionality increase privilege and blast radius (especially combined with webhooks and automatic file storage). The skill metadata itself doesn't set always:true, but the described installer does request persistent system-level presence.