← Back to Skills Marketplace
Pilot Compliance Governance Setup
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
85
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-compliance-governance-setup
Description
Deploy a compliance and governance system with 4 agents. Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring...
Usage Guidance
This skill appears to do what it says (set up four governance agents) but you should be cautious before running it. Key actions to take before installing: 1) Verify the provenance and integrity of the pilotctl and clawhub binaries (are they from a trusted, signed source?). 2) Inspect the specific pilot-* packages clawhub will install — each may request external credentials or add network connectors. 3) Plan where signing keys and any webhook/slack credentials will be stored and who can access them; the skill does not declare these needs. 4) Be careful when executing the handshake steps: automated trust between agents can expose data flows if endpoints are compromised. 5) If possible, test the setup in an isolated environment or staging cluster first. Providing the actual URLs/repositories for the pilot-* packages, a list of expected credential names for connectors, and details on where keys are stored would raise my confidence and could change this assessment to benign.
Capability Analysis
Type: OpenClaw Skill
Name: pilot-compliance-governance-setup
Version: 1.0.0
The skill bundle provides a legitimate orchestration setup for a four-agent compliance and governance system (policy engine, auditor, certifier, and reporter). It uses platform-specific tools like `pilotctl` and `clawhub` to manage dependencies, configure local manifests in `~/.pilot/setups/`, and establish inter-agent communication channels. The instructions in SKILL.md and README.md are consistent with the stated purpose and do not contain any indicators of malicious intent, data exfiltration, or unauthorized execution.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description align with the actions in SKILL.md: installing agent roles, setting hostnames, writing a manifest, and performing handshakes via pilotctl. Required binaries (pilotctl, clawhub) are appropriate. However, the skill instructs installing multiple connector/bridge skills (e.g., pilot-slack-bridge, pilot-webhook-bridge) that will likely need external credentials which this skill does not declare or surface.
Instruction Scope
The SKILL.md tells the agent to install many other skills, write a manifest to ~/.pilot/setups/compliance-governance.json, and perform automated handshakes that auto-approve trust once both sides send a handshake. The document also enables external data flows (webhook/Slack bridges). These are coherent with a governance setup but expand the runtime scope substantially and could result in sensitive audit data being forwarded externally if connectors are misconfigured or credentials are provided to those installed skills.
Install Mechanism
Instruction-only skill (no install spec, no code) which is low risk by itself. However it requires running clawhub install to fetch many pilot-* skills; the security depends entirely on the provenance and contents of those packages installed by clawhub (not visible here).
Credentials
The skill declares no required environment variables or credentials, yet it instructs installing connectors that normally require external credentials (Slack tokens, webhook endpoints) and a certifier role that manages signing keys. Not declaring these expected credentials is an omission that obscures where secrets will be provided or stored and prevents users from assessing privilege needs up front.
Persistence & Privilege
always is false and the skill does not itself request persistent platform-wide privileges. That said, it instructs installing multiple persistent skills and writing a setup manifest into the user's home directory, and it guides creation of automated peer handshakes which grant trust between agents — so the overall deployment results in persistent, interconnected services. This combination increases blast radius if any installed skill is malicious or misconfigured.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-compliance-governance-setup - After installation, invoke the skill by name or use
/pilot-compliance-governance-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Compliance Governance Setup?
Deploy a compliance and governance system with 4 agents. Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.
How do I install Pilot Compliance Governance Setup?
Run "/install pilot-compliance-governance-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Compliance Governance Setup free?
Yes, Pilot Compliance Governance Setup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Compliance Governance Setup support?
Pilot Compliance Governance Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Compliance Governance Setup?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills