Pilot Game Npc Network Setup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed setup guide for a four-agent NPC network, with expected local manifest persistence and port-1002 agent communication.

Before installing, review the external pilot-* skills and pilotctl source, use the setup only for endpoints you control, restrict port 1002 to the intended network, and remove ~/.pilot/setups/game-npc-network.json if you no longer want the persistent setup state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Low
Confidence: 90%
Finding
The skill explicitly instructs writing a manifest into `~/.pilot/setups/game-npc-network.json` but does not warn the user that it will modify persistent local configuration. Even though the path is user-local and the action appears to be part of normal setup, silent persistence can surprise users, alter later agent behavior, and create unintended state that survives the session.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill defines multiple autonomous data flows and event streams among four agents over a network port without warning the user that cross-agent communication and continuous state sharing will occur. In a multi-agent setup, this can expose gameplay state, user-provided content, or operational metadata more broadly than expected, especially if agents or topics are misconfigured or reachable outside the intended boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
