Pilot Database Bridge
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill transparently documents commands for opening Pilot Protocol database tunnels, but users should treat it as high-impact because it can access private or production databases.
Install this only if you intend to let the agent open Pilot Protocol tunnels and connect to private databases. Prefer read-only, least-privilege database accounts, verify the mapped host before connecting, and stop the gateway when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run local commands to start tunnels and connect to databases, so mistakes could affect the user's environment or database session.
The skill explicitly permits Bash so the agent can run pilotctl and database client commands. This is expected for a command-line database bridge, but it gives the agent broad local command capability for this workflow.
allowed-tools:
  - Bash
Use the skill only for intended database tunnel tasks, and review commands, target hosts, and any SQL/database actions before allowing execution.
If used with privileged credentials, the agent could read or change sensitive database contents depending on the database permissions granted.
The example connects to a production database using database credentials. This is purpose-aligned, but database credentials and production access are high-impact.
psql -h 192.168.100.10 -p 5432 -U dbuser -d production
Use least-privilege, read-only database accounts when possible, and avoid granting the agent administrator or production write credentials unless explicitly needed.
Database queries and results may traverse the tunnel path, so users need to trust the Pilot Protocol setup and connected peers.
The skill routes database connectivity through Pilot Protocol tunnels. This gateway behavior is disclosed and central to the purpose, but it means database traffic depends on the Pilot Protocol trust and access model.
Query remote databases through Pilot Protocol tunnels.
Confirm the Pilot daemon, tunnel endpoint, and mapped host are trusted before sending sensitive database queries or credentials.
A database tunnel service may remain active longer than intended if the user or agent does not stop it.
The documented workflow starts a daemon and gateway that may continue running after the immediate task. This appears purpose-aligned, and a stop command is also documented.
pilotctl --json daemon start
pilotctl --json gateway start
Stop the gateway after use with the documented stop command and verify no unnecessary tunnels remain open.
