{"id":"3965f604-502b-4a1c-b6c0-b15a58739bd3","shortId":"FWShHf","kind":"skill","title":"pilot-service-agents-security","tagline":"Security and threat-intel lookups — CVEs, certificate transparency, URL/IP threat checks, DNS, WHOIS.  Use this skill when: 1. Looking up a CVE (NVD, MITRE CVE, Shodan CVEDB) 2. Certificate transparency or domain WHOIS / RDAP lookup 3. URL / IP threat classification (Web Risk pre","description":"# pilot-service-agents-security\n\nSecurity and threat-intel lookups — CVEs, certificate transparency, URL/IP threat checks, DNS, WHOIS.\n\nAll agents in this category follow the standard contract described in\n`pilot-service-agents`. Send `/help` to any agent to read its exact filter\nschema — the table below is a snapshot; the catalogue grows, so always verify\nwith a fresh `list-agents` query.\n\n## Agents in this category (snapshot)\n\n| Hostname | Description |\n|---|---|\n| `crtsh` | Certificate transparency log search |\n| `cveawg-mitre` | MITRE CVE record |\n| `cvedb-shodan` | Shodan CVEDB lookup by CVE id |\n| `dns-google` | Google public DNS resolver (A/AAAA/MX/TXT records) |\n| `gcp-web-risk` | Google Web Risk URL threat detection |\n| `haveibeenpwned-domains` | HIBP latest data-breach record |\n| `mullvad-connection` | Connection info: IP, country, ISP, VPN detection |\n| `nvd-cves` | NVD CVE search |\n| `proxycheck` | Proxy/VPN/abuse IP lookup |\n| `rdap-domain` | RDAP domain WHOIS lookup (IETF standard) |\n| `rdap-ip` | RDAP IP address registration lookup |\n| `shodan-internetdb` | Shodan IP port/vuln/hostname reconnaissance |\n\n## What you can expect\n\n- Multiple CVE feeds for cross-checking\n- crt.sh for subdomain discovery via issued certs\n- DNS resolution via Google and RDAP WHOIS\n\n## What NOT to expect\n\n- Zero-day early disclosures\n- Paid commercial threat-intel feeds — only public data\n\n## Commands (same pattern for every agent in the category)\n\n```bash\n# Read an agent's filter contract\npilotctl --json send-message <hostname> --data \"/help\"\npilotctl --json inbox\n\n# Fetch structured data\npilotctl --json send-message <hostname> --data '/data {json filters}'\npilotctl --json inbox\n\n# Natural-language summary (Gemini)\npilotctl --json send-message <hostname> --data '/summary {json filters}'\npilotctl --json inbox\n```\n\n## Response shape\n\n`send-message` returns an ACK envelope immediately (`{\"ack\":\"ACK TEXT N bytes\", \"bytes\":N, \"target\":\"<address>\", \"type\":\"text\"}`). The **actual agent response** arrives a few seconds later and is read with `pilotctl --json inbox`. Each inbox entry carries the agent's normalised envelope in its `data` field:\n\n```json\n{\n  \"source\": \"<hostname>\",\n  \"items\":  [...],\n  \"count\":  <int>,\n  \"total\":  <int|null>,\n  \"page\":   <int|null>,\n  \"next\":   <cursor|null>,\n  \"truncated\": <bool>,\n  \"upstream_url\": \"<resolved upstream URL>\"\n}\n```\n\n`/help` returns plain text. `/summary` returns a Gemini-generated prose string. Free-text queries also return Gemini prose.\n\n## Workflow Example\n\n```bash\n# 1. Fresh discovery — the catalogue grows, never hard-code\npilotctl --json send-message list-agents --data '/data {\"category\":\"security\",\"limit\":20}'\npilotctl --json inbox\n\n# 2. Read the contract of a specific agent\npilotctl --json send-message nvd-cves --data '/help'\npilotctl --json inbox\n\n# 3. Query it\npilotctl --json send-message nvd-cves --data '/data {\"cveId\":\"CVE-2021-44228\"}'\npilotctl --json inbox\n```\n\n## Dependencies\n\nRequires the `pilot-protocol` core skill, the `pilot-service-agents` skill\n(for the general discovery flow), `pilotctl` on PATH, and a running daemon\njoined to network 9.","tags":["pilot","service","agents","security","skills","teoslayer","agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network"],"capabilities":["skill","source-teoslayer","skill-pilot-service-agents-security","topic-agent-skills","topic-ai-agents","topic-clawhub","topic-networking","topic-openclaw","topic-overlay-network","topic-p2p","topic-pilot-protocol"],"categories":["pilot-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/TeoSlayer/pilot-skills/pilot-service-agents-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add TeoSlayer/pilot-skills","source_repo":"https://github.com/TeoSlayer/pilot-skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (3,143 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:15:03.223Z","embedding":null,"createdAt":"2026-05-18T13:22:50.599Z","updatedAt":"2026-05-18T19:15:03.223Z","lastSeenAt":"2026-05-18T19:15:03.223Z","tsv":"'-2021':465 '-44228':466 '/data':291,421,462 '/help':85,278,379,446 '/summary':308,383 '1':24,402 '2':34,429 '20':425 '3':42,450 '9':499 'a/aaaa/mx/txt':148 'ack':321,324,325 'actual':335 'address':203 'agent':4,53,70,83,88,112,114,261,268,336,355,419,436,482 'also':395 'alway':105 'arriv':338 'bash':265,401 'breach':167 'byte':328,329 'carri':353 'catalogu':102,406 'categori':73,117,264,422 'cert':230 'certif':13,35,62,122 'check':17,66,223 'classif':46 'code':411 'command':256 'commerci':248 'connect':171,172 'contract':77,271,432 'core':476 'count':366 'countri':175 'cross':222 'cross-check':221 'crt.sh':224 'crtsh':121 'cursor':374 'cve':28,31,130,139,183,218,464 'cveawg':127 'cveawg-mitr':126 'cvedb':33,133,136 'cvedb-shodan':132 'cveid':463 'cves':12,61,181,444,460 'daemon':495 'data':166,255,277,284,290,307,361,420,445,461 'data-breach':165 'day':244 'depend':470 'describ':78 'descript':120 'detect':159,178 'disclosur':246 'discoveri':227,404,487 'dns':18,67,142,146,231 'dns-googl':141 'domain':38,162,191,193 'earli':245 'entri':352 'envelop':322,358 'everi':260 'exact':92 'exampl':400 'expect':216,241 'feed':219,252 'fetch':282 'field':362 'filter':93,270,293,310 'flow':488 'follow':74 'free':392 'free-text':391 'fresh':109,403 'gcp':151 'gcp-web-risk':150 'gemini':301,387,397 'gemini-gener':386 'general':486 'generat':388 'googl':143,144,154,234 'grow':103,407 'hard':410 'hard-cod':409 'haveibeenpwn':161 'haveibeenpwned-domain':160 'hibp':163 'hostnam':119 'id':140 'ietf':196 'immedi':323 'inbox':281,296,313,349,351,428,449,469 'info':173 'int':368,371 'intel':10,59,251 'internetdb':208 'ip':44,174,187,200,202,210 'isp':176 'issu':229 'item':365 'join':496 'json':273,280,286,292,295,303,309,312,348,363,413,427,438,448,454,468 'languag':299 'later':342 'latest':164 'limit':424 'list':111,418 'list-ag':110,417 'log':124 'look':25 'lookup':11,41,60,137,188,195,205 'messag':276,289,306,318,416,441,457 'mitr':30,128,129 'mullvad':170 'mullvad-connect':169 'multipl':217 'n':327,330 'natur':298 'natural-languag':297 'network':498 'never':408 'next':373 'normalis':357 'null':369,372,375 'nvd':29,180,182,443,459 'nvd-cves':179,442,458 'page':370 'paid':247 'path':491 'pattern':258 'pilot':2,51,81,474,480 'pilot-protocol':473 'pilot-service-ag':80,479 'pilot-service-agents-secur':1,50 'pilotctl':272,279,285,294,302,311,347,412,426,437,447,453,467,489 'plain':381 'port/vuln/hostname':211 'pre':49 'prose':389,398 'protocol':475 'proxy/vpn/abuse':186 'proxycheck':185 'public':145,254 'queri':113,394,451 'rdap':40,190,192,199,201,236 'rdap-domain':189 'rdap-ip':198 'read':90,266,345,430 'reconnaiss':212 'record':131,149,168 'registr':204 'requir':471 'resolut':232 'resolv':147 'respons':314,337 'return':319,380,384,396 'risk':48,153,156 'run':494 'schema':94 'search':125,184 'second':341 'secur':5,6,54,55,423 'send':84,275,288,305,317,415,440,456 'send-messag':274,287,304,316,414,439,455 'servic':3,52,82,481 'shape':315 'shodan':32,134,135,207,209 'shodan-internetdb':206 'skill':22,477,483 'skill-pilot-service-agents-security' 'snapshot':100,118 'sourc':364 'source-teoslayer' 'specif':435 'standard':76,197 'string':390 'structur':283 'subdomain':226 'summari':300 'tabl':96 'target':331 'text':326,333,382,393 'threat':9,16,45,58,65,158,250 'threat-intel':8,57,249 'topic-agent-skills' 'topic-ai-agents' 'topic-clawhub' 'topic-networking' 'topic-openclaw' 'topic-overlay-network' 'topic-p2p' 'topic-pilot-protocol' 'total':367 'transpar':14,36,63,123 'truncat':376 'type':332 'upstream':377 'url':43,157,378 'url/ip':15,64 'use':20 'verifi':106 'via':228,233 'vpn':177 'web':47,152,155 'whoi':19,39,68,194,237 'workflow':399 'zero':243 'zero-day':242","prices":[{"id":"e6dbcacc-b04f-44ec-83ae-2186f5cb073c","listingId":"3965f604-502b-4a1c-b6c0-b15a58739bd3","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"TeoSlayer","category":"pilot-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:50.599Z"}],"sources":[{"listingId":"3965f604-502b-4a1c-b6c0-b15a58739bd3","source":"github","sourceId":"TeoSlayer/pilot-skills/pilot-service-agents-security","sourceUrl":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-service-agents-security","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:50.599Z","lastSeenAt":"2026-05-18T19:15:03.223Z"}],"details":{"listingId":"3965f604-502b-4a1c-b6c0-b15a58739bd3","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"TeoSlayer","slug":"pilot-service-agents-security","github":{"repo":"TeoSlayer/pilot-skills","stars":6,"topics":["agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network","p2p","pilot-protocol"],"license":"agpl-3.0","html_url":"https://github.com/TeoSlayer/pilot-skills","pushed_at":"2026-05-13T06:08:49Z","description":"80+ agent skills for Pilot Protocol — communication, file transfer, trust, task routing, swarm coordination, and more","skill_md_sha":"81bc8b16a4d13e0f75f508d685baa6df2c7ffc6c","skill_md_path":"skills/pilot-service-agents-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-service-agents-security"},"layout":"multi","source":"github","category":"pilot-skills","frontmatter":{"name":"pilot-service-agents-security","license":"AGPL-3.0","description":"Security and threat-intel lookups — CVEs, certificate transparency, URL/IP threat checks, DNS, WHOIS.  Use this skill when: 1. Looking up a CVE (NVD, MITRE CVE, Shodan CVEDB) 2. Certificate transparency or domain WHOIS / RDAP lookup 3. URL / IP threat classification (Web Risk premium, Mullvad, ProxyCheck)  Do NOT use this skill when: - Active scanning or exploitation — these are read-only lookups - Breach-data *exposure* — HIBP agent returns breach descriptors only","compatibility":"Requires pilot-protocol skill, pilotctl binary on PATH, a running daemon joined to network 9 (data-exchange), and the `list-agents` directory agent reachable on the overlay."},"skills_sh_url":"https://skills.sh/TeoSlayer/pilot-skills/pilot-service-agents-security"},"updatedAt":"2026-05-18T19:15:03.223Z"}}