clawpilot-pair

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill installs software packages globally using npm install -g for both the vendor's @rethinkingstudio/clawpilot and the third-party cc-connect package.
  • [COMMAND_EXECUTION]: The workflow establishes persistence by installing and starting a background service (daemon) with cc-connect daemon install, so the service is started automatically and outlives the agent session that installed it.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch and follow configuration instructions from a third-party GitHub repository: https://raw.githubusercontent.com/chenhg5/cc-connect/refs/heads/main/INSTALL.md.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it instructs the agent to ingest and follow external, untrusted content fetched from a remote URL at run time. Because the URL references a branch (refs/heads/main) rather than a pinned commit, the instructions the agent follows can change after this audit without any change to the skill itself.
  • Ingestion points: Instructions in SKILL.md direct the agent to read https://raw.githubusercontent.com/chenhg5/cc-connect/refs/heads/main/INSTALL.md.
  • Boundary markers: None provided; the agent is instructed to follow the guide directly.
  • Capability inventory: The skill has access to npm for global installations, daemon management for persistence, and system utilities like lsof and file system writes (~/.cc-connect/config.toml).
  • Sanitization: No sanitization or validation of the remote content is performed before it is processed; the skill neither pins the fetched file to a commit nor checks a digest.
  • [COMMAND_EXECUTION]: The skill performs system-level diagnostics and configuration checks, including port monitoring with lsof -i :9810 and running version checks for locally installed coding agents (e.g., claude, codex, gemini).
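The findings above amount to a static inventory of what SKILL.md tells the agent to run and fetch. The following is an added example, written for this page and not part of the skill or of the Trust Hub's tooling, of how a reviewer can reproduce that inventory mechanically: it scans a constructed SKILL.md excerpt (the commands mirror the audit findings but the text is not the real file) for the same indicator classes the audit uses, flags remote fetches that reference a mutable branch instead of a full commit SHA, and shows the digest check the skill omits. The rules, thresholds and the sample text are assumptions for illustration.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the style of the audited SKILL.md (not the real file).
SAMPLE_SKILL_MD = """\
# clawpilot-pair

1. Install the CLI: `npm install -g @rethinkingstudio/clawpilot`
2. Install the bridge: `npm install -g cc-connect`
3. Read https://raw.githubusercontent.com/chenhg5/cc-connect/refs/heads/main/INSTALL.md and follow it.
4. Write ~/.cc-connect/config.toml with the values from the guide.
5. Run `cc-connect daemon install` so the bridge survives restarts.
6. Check the port: `lsof -i :9810`
7. Verify agents: `claude --version`, `codex --version`, `gemini --version`
"""


@dataclass
class Finding:
    category: str   # label in the audit's taxonomy
    line_no: int    # 1-based line in SKILL.md
    detail: str


# (category, pattern, explanation). Categories follow the audit's labels; the
# patterns are this example's own choice, not a published rule set.
RULES = [
    ("COMMAND_EXECUTION", re.compile(r"\bnpm\s+install\s+(-g|--global)\b"), "global npm install"),
    ("COMMAND_EXECUTION", re.compile(r"\bdaemon\s+install\b"), "installs a background service (persistence)"),
    ("COMMAND_EXECUTION", re.compile(r"\blsof\s+-i\b"), "port enumeration"),
    ("COMMAND_EXECUTION", re.compile(r"\b(claude|codex|gemini)\s+--version\b"), "probes local coding agents"),
    ("EXTERNAL_DOWNLOADS", re.compile(r"https?://raw\.githubusercontent\.com/\S+"), "fetches a remote file"),
    ("PROMPT_INJECTION", re.compile(r"\b(read|fetch|follow)\b.*https?://\S+", re.I), "agent told to follow remote instructions"),
]

RAW_URL = re.compile(r"https?://raw\.githubusercontent\.com/\S+")
COMMIT_SHA = re.compile(r"/[0-9a-f]{40}/")


def is_pinned(url: str) -> bool:
    """True when a raw.githubusercontent.com URL embeds a full commit SHA (immutable) rather than a branch ref."""
    return bool(COMMIT_SHA.search(url))


def scan_skill(text: str) -> List[Finding]:
    """Walk SKILL.md line by line and emit one finding per matching rule, plus one per unpinned remote URL."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        for category, rx, why in RULES:
            m = rx.search(line)
            if m:
                findings.append(Finding(category, n, f"{why}: {m.group(0)}"))
        for url in RAW_URL.findall(line):
            if not is_pinned(url):
                findings.append(Finding("EXTERNAL_DOWNLOADS", n, f"unpinned branch ref (content can change): {url}"))
    return findings


def risk_summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category; this is the 'capability inventory' view of the skill."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def verify_digest(content: bytes, expected_sha256_hex: str) -> bool:
    """The validation step the skill lacks: accept fetched instructions only if they match a digest recorded at review time."""
    return hashlib.sha256(content).hexdigest() == expected_sha256_hex.lower()


if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL_MD):
        print(f"line {f.line_no:>2}  {f.category:<19} {f.detail}")
    print(risk_summary(scan_skill(SAMPLE_SKILL_MD)))
```

Run against the sample, the scanner reproduces the audit's three categories and additionally reports that the INSTALL.md fetch is unpinned. A reviewer who wants to allow the fetch would record the SHA-256 of the INSTALL.md revision they read and have the agent call verify_digest before following it, or rewrite the URL to a commit SHA so is_pinned passes.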
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 01:12 AM