Pilot Clipboard
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for sharing small clipboard snippets, but users should verify recipients and avoid sending sensitive command output.
Use this skill only for short, non-sensitive snippets or reviewed command output, and only with Pilot destinations you trust. Treat anything pasted from a remote inbox as untrusted text until you inspect it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could accidentally send local command output, such as directory listings or other sensitive text, to another Pilot destination.
The skill relies on Bash examples to collect and transmit command output. This is disclosed and purpose-aligned, but arbitrary command output could include more information than intended.
allowed-tools:
 - Bash
...
OUTPUT=$(ls -lh)
pilotctl --json send "1:0001.AAAA.BBBB" 1001 --data "$OUTPUT"
Use narrowly scoped commands, review output before sending, and avoid sending secrets or private data through the clipboard.
The skill may fail or behave differently if required local tools are missing or installed from an untrusted source.
SKILL.md lists jq and optional clipboard utilities in addition to pilotctl; the provided registry requirements only declare pilotctl, so dependency expectations are not fully captured in metadata.
Requires pilot-protocol, pilotctl, and jq. Clipboard tools: pbcopy/pbpaste (macOS) or xclip/xsel (Linux).
Install pilotctl, jq, and any clipboard tools from trusted sources, and verify the Pilot Protocol setup before use.
Clipboard text or command output may be visible to remote agents, and received clipboard content could be stale or untrusted.
The skill sends clipboard content to a Pilot destination and reads clipboard messages from the inbox. This is the intended function, but it depends on trusting the recipient and treating received content carefully.
pilotctl --json send-message "$dest" --data "$clip_msg"
...
pilotctl --json inbox | jq -r '.messages[] | select(.type == "clipboard") | .content' | head -1
Send only to known Pilot addresses, keep shared content short and non-sensitive, and inspect pasted content before using it as instructions or commands.
