Pilot Map Reduce

Distributed map-reduce over agent swarms for parallel data processing. Use this skill when: 1. You need to process large datasets across multiple workers 2....

This skill appears to implement a legitimate map-reduce pattern for the Pilot protocol, but there are gaps and fragile assumptions you should address before installing or running it: - Verify pilotctl: install pilotctl from a trusted source (homepage or official releases) and inspect its config/credentials. The skill assumes a running pilotctl daemon but gives no guidance on auth or where credentials live. - Resolve the /tmp inconsistency: the SKILL.md sometimes reads map results from pilotctl output and sometimes from /tmp/map-results-$JOB_ID.json — clarify which approach to use or add the step that writes the file. Running the provided scripts as-is may fail or silently process incomplete data. - Test in a sandbox: run the workflow on a small, non-sensitive dataset and with a controlled set of worker peers to confirm message formats and persistence behavior. - Watch for JSON injection/formatting issues: the scripts embed shell variables and jq output into JSON payloads; malformed payloads can break reducers or leak unexpected fields. Quote and validate JSON payloads before sending. - Check data exposure risk: messages go to an agent swarm; ensure workers are trusted and that payloads do not contain secrets. Confirm how pilotctl persists or exposes received messages (logs, files, sockets). - Validate dependencies and license: the SKILL.md names jq and sort as dependencies — ensure these are available. Note the AGPL-3.0 license and evaluate whether code snippets or derived work trigger obligations. - Confirm provenance: the registry metadata owner and source are unknown; verify the pilotprotocol.network homepage and vulture-labs author identity if provenance matters. If you cannot confirm pilotctl's configuration and the origin of this skill/tooling, treat it carefully and prefer isolated testing rather than deploying on production systems.

Type: OpenClaw Skill Name: pilot-map-reduce Version: 1.0.0 The skill 'pilot-map-reduce' facilitates distributed data processing via the 'pilotctl' utility (associated with pilotprotocol.network). It is classified as suspicious due to multiple shell-to-jq injection vulnerabilities in SKILL.md, where shell variables such as $JOB_ID and $key are unsafely interpolated directly into jq command strings. While the logic aligns with the stated MapReduce purpose, the combination of insecure command construction and the high-risk nature of agent-to-agent network communication presents a significant vulnerability surface for potential exploitation.