Pilot Dataset
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Pilot Protocol dataset-sharing helper, but it can send selected local datasets and metadata to peers through an external pilotctl setup.
Before installing, make sure you trust your pilotctl/Pilot Protocol installation, confirm the destination peer, and only send datasets you are authorized to share.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong file or destination, the agent could publish or transfer unintended dataset information.
The skill allows Bash execution, which is expected for running pilotctl commands but gives the agent a broad local command interface when the skill is invoked.
allowed-tools: - Bash
Use it only with explicit peer and file selections, and review commands involving send-file before execution.
The safety of actual transfers depends partly on the installed pilotctl binary and daemon.
The skill relies on external Pilot Protocol components that are not included in the reviewed artifacts, so their provenance and behavior are outside this scan.
Requires pilot-protocol skill and pilotctl binary on PATH. The daemon must be running (pilotctl daemon start).
Install pilotctl and the Pilot Protocol components only from trusted sources and keep them updated.
Dataset contents and metadata may leave the local environment and be shared with another peer.
The documented workflow sends a local dataset file to a peer destination, which is purpose-aligned but involves inter-agent data transfer.
pilotctl --json send-file "$DEST" "$DATASET_FILE"
Confirm the recipient identity and verify that the dataset does not contain sensitive or unauthorized data before sending.