Pilot Blocklist
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill fits its blocklist purpose, but it includes automatic bulk trust-changing commands that could lock out Pilot peers without a clear confirmation or rollback step.
Review proposed blocklist changes before running enforcement, especially the automatic low-score workflow. Confirm each hostname and node ID, back up the blocklist, and understand that removing an entry from the JSON file may not undo prior untrust or reject actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent following this workflow could block legitimate Pilot peers and disrupt network connectivity.
The example automatically loops over peers and calls a function that untrusts them based only on a score threshold, with no confirmation or dry-run step.
# Automatic blocklist enforcement ... pilotctl --json untrust "$NODE_ID" ... pilotctl --json peers | jq -r '.[] | select(.polo_score < 5) | .hostname' | while read -r AGENT; do block_agent "$AGENT" "Low polo score"; done
Require an explicit review of the candidate peers before enforcement, provide a dry-run mode, make the threshold user-configurable, and document a rollback process.
Running these commands changes which agents can connect to the user's Pilot network.
The skill uses the user's Pilot daemon authority to change trust and reject nodes. This is aligned with a blocklist skill, but it is a privileged action.
pilotctl --json untrust "$NODE_ID" ... pilotctl --json reject "$NODE_ID" "Spam activity"
Use the skill only when you intend to modify Pilot trust state, and verify the hostname and node ID before approving untrust or reject operations.
Incorrect or stale entries can keep affecting future Pilot connections until manually corrected.
The skill stores a persistent local blocklist that future enforcement commands trust when deciding which agents to reject.
mkdir -p ~/.pilot/blocklists ... "entries":[] ... '.entries += [{hostname: $agent, node_id: $node, reason: $reason, blocked_at: ...}]'
Review the blocklist periodically, protect it from unintended edits, and keep a record of why each entry was added.
Commands may fail or behave unexpectedly if jq is not installed, even though the registry does not flag it as required.
The registry requirements list pilotctl, while SKILL.md also depends on jq. This is an under-declared helper dependency rather than hidden code execution.
Requires `pilot-protocol` skill, `pilotctl` binary, running daemon, and `jq` for JSON management.
Declare jq in the skill metadata and ensure users know which local tools are required before use.
