Security audit

Super Pilot Api Gateway

Security checks across malware telemetry and agentic risk

Overview

This skill is documentation-only, but it tells agents to expose local APIs remotely with unclear public-access and security boundaries.

Install only if you understand Pilot Protocol networking and can verify who can reach the exposed service. Do not map localhost admin panels, metadata endpoints, private business APIs, or unauthenticated services; require authentication, limit allowed endpoints, and know how to stop the daemon before using the examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding: The skill documentation claims it is 'not for HTTP-only proxying' and emphasizes secure private exposure, but the commands directly start a gateway and map remote hostnames to local IPs, which is functionally API exposure/proxying. This mismatch can mislead operators about the exposure model and trust boundary, increasing the chance they publish sensitive local services under weaker assumptions than intended.

Intent-Code Divergence

Medium
Confidence: 86%
Finding: The workflow labels itself as a custom messaging-based API server but starts the daemon with '--public', contradicting the claim of avoiding public internet exposure. This can cause users to deploy a publicly reachable endpoint while believing they are only enabling controlled message-based access, leading to unintended service exposure.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill is explicitly designed to expose local APIs to remote agents, yet it provides no meaningful warning about privacy risks, sensitive data leakage, or the operational impact of making internal services remotely accessible. In this context, the omission of security guidance is dangerous because users may expose trusted local endpoints, metadata services, admin APIs, or internal business data to remote requesters without understanding the consequences.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.