Pilot Keychain
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is meant to exchange credentials, but its instructions handle raw secrets in files and between agents without enough scoping, verification, or support for its security claims.
Review carefully before installing. Use only with trusted Pilot Protocol agents, confirm every recipient and credential manually, prefer short-lived scoped tokens, and do not assume the advertised auto-expiry or encryption guarantees are enforced by this SKILL.md alone.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A credential sent to the wrong or untrusted agent could give that agent access to the user's accounts or services.
The skill is explicitly intended to transfer credentials, which can grant access to user or service accounts. The artifacts do not define approval, recipient verification, credential scope, or revocation requirements before sharing.
Use this skill when: 1. You need to share API keys, tokens, or credentials securely between agents
Only use this with explicitly approved recipients and scoped, revocable credentials; require confirmation before sending any real secret.
Secrets may be shared over an agent-to-agent channel without enough assurance that the recipient is the intended trusted party.
The workflow sends a file containing a credential to another Pilot Protocol agent, but the instructions do not show identity verification, trust checks, or clear data-boundary controls for the recipient.
pilotctl --json send-file "$RECIPIENT" /tmp/cred.json
Verify recipient identity out of band, use least-privilege temporary credentials, and avoid autonomous sends without user confirmation.
Users may believe credentials are automatically expired or rotated when the artifact only demonstrates metadata and manual cleanup.
The description promises automatic expiration and rotation, but the shown commands only place an expires_at field in JSON and provide a manual cleanup loop; no rotation mechanism is shown.
automatic expiration and rotation of shared secrets
Document the actual guarantees clearly, distinguish metadata from enforcement, and add explicit rotation/expiry enforcement if claimed.
Secrets could be exposed through local files, logs, shell history, or agent command output if handled carelessly.
The Bash workflow writes a raw credential value into a temporary file, including a predictable /tmp path in one command, without showing restrictive permissions or secure handling.
cat > /tmp/cred.json <<EOF
{"credential_id":"$(openssl rand -hex 8)","value":"$CRED_VALUE","expires_at":"$EXPIRES_AT"}
EOF
Use restrictive file permissions, randomized private temp files, avoid printing secrets, and prefer a vetted secret-transfer mechanism that does not persist plaintext secrets unnecessarily.
Credential values may remain on disk after use and could be reused, indexed, or exposed later.
The workflow persists sent credential files under ~/.pilot/keychain/sent even though the skill says it is not for persistent credential storage.
mv /tmp/cred-$cred_id.json ~/.pilot/keychain/sent/
Avoid retaining plaintext sent credentials, enforce automatic deletion for both sent and received files, and document retention behavior clearly.
The skill may fail or behave differently if required tools are missing or if an unexpected pilotctl binary is on PATH.
The skill depends on external tools: SKILL.md lists jq and openssl in addition to pilotctl, while the registry requirements only declare pilotctl. This is not malicious by itself, but users must trust and install the correct tooling.
Requires pilot-protocol, pilotctl, jq, and openssl.
Install pilotctl, jq, and openssl from trusted sources and verify the pilotctl binary before using it for credentials.
