Pilot Api Gateway

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for exposing local APIs, but it can open local services to remote Pilot agents without clear access-control, scoping, or shutdown guidance.

Install only if you intentionally want to expose a specific local API through Pilot. Before running it, confirm the exact hostname, local IP, port, allowed remote clients, authentication method, and how to stop the gateway.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

If used on the wrong service or port, remote Pilot clients could access private local API data or trigger local API actions.

Why it was flagged

The skill is designed to make local APIs reachable by remote agents, but the artifact does not specify authentication, client allow-listing, data boundaries, or how remote request identity is verified.

Skill content

Expose local APIs to the Pilot Protocol network ... You need to expose local APIs to remote Pilot agents

Recommendation

Use only with explicit user approval for the exact local service, hostname, port, and permitted clients; add authentication, allow-listing, and clear data-sharing limits.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or overly broad mapping could expose unintended local or internal network services.

Why it was flagged

The skill gives the agent Bash access for pilotctl commands that can map remote names to local IPs and start gateway/listener behavior, without documented validation or confirmation requirements.

Skill content

allowed-tools:\n  - Bash ... pilotctl --json gateway map <hostname> <local-ip>

Recommendation

Require a user-confirmed plan before running gateway or mapping commands, validate the target local IP/port, and avoid exposing admin, credential, or internal-only APIs.

ASI10: Rogue Agents
Low
What this means

The local machine may continue listening or serving through Pilot longer than the user expects.

Why it was flagged

The workflow example starts a public daemon mode and runs an unbounded receive loop. This is consistent with a gateway, but it can keep serving until stopped.

Skill content

pilotctl --json daemon start --hostname data-api --public ... while true; do

Recommendation

Document and use explicit stop/cleanup commands, avoid backgrounding long-running listeners without user consent, and set time limits where possible.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Security depends on having a trusted and correctly configured pilotctl installation.

Why it was flagged

The reviewed artifact does not include the pilotctl binary or install process, so the safety of the actual network gateway depends on an external dependency.

Skill content

Requires pilot-protocol skill and pilotctl binary on PATH.

Recommendation

Install pilotctl only from the official Pilot Protocol source, keep it updated, and review its configuration before exposing local services.