Pilot Sync
Author: Calin Teodor · v1.0.0 · MIT-0
Total downloads: 83
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install pilot-sync
Description
Bidirectional file synchronization between agents over the Pilot Protocol network. Use this skill when: 1. You need to keep directories synchronized between...
Security usage advice
This skill appears to do what it says (send files via pilotctl), but there are a few issues to check before using it:
- The SKILL.md expects jq, fswatch or inotifywait, md5sum, and stat, but only pilotctl is declared as required; ensure those binaries are present and trusted.
- The manifest and example loops will transmit filenames, checksums, and mtimes (and the file contents) to remote Pilot peers—confirm you trust the remote node(s) and understand what will be shared.
- The stat command shown (stat -f %m) is BSD/macOS-specific; on Linux you may need a different stat invocation. The example shell code also may break on filenames with newlines or special characters.
- pilotctl uses local credentials/config (not listed); verify what keys/config pilotctl will use and whether you consent to those credentials being able to send files.
- Consider adding filtering, error handling, and authentication/authorization checks (verify remote ID) before running the examples.
If the publisher updates the metadata to list all required binaries and documents pilotctl auth/config requirements, and the examples are made more robust/portable, the skill would be more trustworthy.
Functional analysis
Type: OpenClaw Skill
Name: pilot-sync
Version: 1.0.0
The skill provides bidirectional file synchronization using the pilotctl utility and the Pilot Protocol. It is classified as suspicious because the workflow example in SKILL.md contains a shell injection vulnerability: the find command interpolates filenames directly into a shell string (sh -c), which could allow arbitrary command execution if the directory being synchronized contains files with specially crafted names. While the functionality aligns with the stated purpose, this implementation flaw poses a significant security risk.
Capability assessment
Purpose & Capability
The name/description align with the runtime instructions (sending files and manifests with pilotctl). However the registry metadata only declares pilotctl as a required binary while the SKILL.md examples also require jq, fswatch or inotifywait, md5sum, and stat. Those additional tools are necessary for the provided workflows but are not listed as required bins in the metadata, which is an inconsistency.
Instruction Scope
Instructions only perform file listing, hashing, timestamping, and sending via pilotctl—actions consistent with file synchronization. They will transmit file contents and metadata (filenames, md5s, mtimes) to remote Pilot nodes, which is expected but worth noting. Examples use a hardcoded remote ID and aggressive loops that will send every file in a directory without filtering or rate control. Also the manifest-building uses shell substitution that may break on filenames with newlines or special characters (and the example uses md5sum and a stat invocation that is OS-specific).
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk; this has a low install risk. Nothing in the package performs downloads or extracts arbitrary archives.
Credentials
No environment variables or explicit credentials are requested, which is proportional. However pilotctl typically uses local configuration and keys (in user home or daemon-managed stores) to authenticate with the Pilot network; the skill does not declare or document what pilotctl auth keys or configs are required. The skill will therefore rely on existing pilotctl credentials (not declared) to transmit files—this implicit credential use should be made explicit.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no install-time persistence. It runs as-invoked and does not claim elevated continuous presence.
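How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install pilot-sync
- After installation, invoke the Skill by name or use /pilot-sync to trigger it
- Provide the necessary inputs according to the Skill's parameter description to get structured output
Version history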
v1.0.0
Initial release
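Metadata
FAQ
What is Pilot Sync?
Bidirectional file synchronization between agents over the Pilot Protocol network. Use this skill when: 1. You need to keep directories synchronized between... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 83 cumulative downloads so far.
How do I install Pilot Sync?
Run the command "/install pilot-sync" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Pilot Sync free?
Yes, Pilot Sync is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Pilot Sync support?
Pilot Sync is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Pilot Sync?
It is developed and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.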