← Back to Skills Marketplace
Pilot Quarantine
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
79
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-quarantine
Description
Isolate suspicious agents pending investigation in Pilot Protocol networks. Use this skill when: 1. You detect compromised or suspicious agents that need iso...
Usage Guidance
This skill appears to do what it says (use pilotctl to isolate agents) but has metadata inconsistencies you should resolve before installing. Actionable steps: 1) Verify the pilotctl binary is the trusted upstream binary from Pilot Protocol, and that the local daemon behavior (untrust/disconnect/handshake) matches your expectations. 2) Confirm jq and openssl (and standard shell tools) are available — the SKILL.md uses them but they are not listed in the registry metadata. 3) Expect the skill to create and modify files under ~/.pilot/quarantine/; inspect those files and set appropriate filesystem permissions. 4) Avoid supplying untrusted input for AGENT or QUARANTINE_ID to prevent command/record injection; prefer a vetted UI or strict validation. 5) Ask the publisher to update the skill metadata to list all required binaries (jq, openssl, date/mv are commonly available) and to declare the config path (~/.pilot/quarantine) so you can audit and control its persistent state. If you cannot verify pilotctl's provenance or the missing metadata is not corrected, do not install in production.
Capability Analysis
Type: OpenClaw Skill
Name: pilot-quarantine
Version: 1.0.0
The skill provides legitimate security functionality for isolating agents via the pilotctl utility and local state management in ~/.pilot/quarantine/. However, it is classified as suspicious due to multiple shell and command injection vulnerabilities in SKILL.md. Specifically, the 'Quarantine Agent' and 'Enforce Quarantine' commands embed the $AGENT variable directly into jq filters and pipe the output to xargs, which could allow a maliciously named agent to execute arbitrary commands or bypass isolation logic.
Capability Assessment
Purpose & Capability
The skill's name and description describe quarantining Pilot Protocol agents and the SKILL.md contains pilotctl commands to untrust/disconnect agents — this is coherent. However, the registry metadata only declares pilotctl as a required binary while the instructions also require jq and openssl and assume a ~/.pilot/quarantine path; those omissions are inconsistent with the stated purpose and expected setup.
Instruction Scope
Runtime instructions read and write files under ~/.pilot/quarantine (creating active and resolved JSON records) and run pilotctl commands that disconnect/untrust agents. The SKILL.md references filesystem paths and uses external binaries (jq, openssl, date, mv) but the declared requirements did not list those. The skill will modify user home state and perform network/control actions via pilotctl; the instructions do not limit input validation for AGENT/QUARANTINE_ID and could be misused if those variables come from untrusted sources.
Install Mechanism
This is an instruction-only skill with no install spec and no archive downloads — low installation risk. Nothing will be written by an installer, although runtime commands do write files.
Credentials
No environment variables or credentials are requested. The skill relies on a local pilotctl daemon and on local binaries; that is proportionate to the stated task. Still, it modifies local quarantine records in the user's home directory which is a type of persistent state that should be expected and declared.
Persistence & Privilege
The skill does not request always:true and does not alter other skills, but it creates and maintains persistent records under ~/.pilot/quarantine. The metadata did not declare these required config paths; installation should disclose that it writes to the user's home directory so operators can review and control file permissions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-quarantine - After installation, invoke the skill by name or use
/pilot-quarantine - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Quarantine?
Isolate suspicious agents pending investigation in Pilot Protocol networks. Use this skill when: 1. You detect compromised or suspicious agents that need iso... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.
How do I install Pilot Quarantine?
Run "/install pilot-quarantine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Quarantine free?
Yes, Pilot Quarantine is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Quarantine support?
Pilot Quarantine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Quarantine?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills