Pilot ML Training Pipeline Setup

Security checks across malware telemetry and agentic risk

Overview

This setup skill's code is consistent with its stated ML pipeline purpose, but the trust relationships it establishes and the model and data transfers it performs are sensitive operational changes and should be treated as such.

Install it only if you intend to configure Pilot-based ML agents. Before running it: review the pilot-* skills it installs; confirm that every hostname it configures belongs to a node you own and intend to use; do not complete handshakes with peers you do not recognize; check, and back up, any existing ~/.pilot/setups/ml-training-pipeline.json, since the skill writes to that path; and do not transfer sensitive datasets or model checkpoints unless you have the required approvals and controls in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium severity, 92% confidence

The README promises 'automatic approval gating before production serving' and evaluator-driven review approval, but later states that mutual handshakes are auto-approved with no manual step. In a multi-agent ML deployment this mismatch can lead operators to believe that a human or explicit approval gate protects production promotion when trust relationships are in fact established automatically, increasing the risk of unauthorized model promotion or overly broad trust.

Missing User Warnings

Medium severity, 89% confidence

The skill instructs users to establish automatic trust and to transfer datasets and model artifacts across agents without warning that trust enables ongoing authenticated communication, or that model and data artifacts may themselves be sensitive or dangerous. In an ML pipeline this is materially risky: poisoned datasets, backdoored model checkpoints, or over-broad trust between production-adjacent agents can compromise training integrity and serving safety.

Missing User Warnings

Medium severity, 94% confidence

The skill explicitly instructs the agent to write a JSON manifest to `~/.pilot/setups/ml-training-pipeline.json`, a persistent local configuration path, but it neither requires explicit user consent nor warns that local state will be modified. In an agent setting, silently creating or overwriting configuration can alter future behavior, cause confusion across sessions, or disrupt existing Pilot setups.

Missing User Warnings

Medium severity, 92% confidence

The skill sets up multiple peer communications and handshakes, publishes topics, and sends datasets and model artifacts between hosts, but it does not warn the user about data sharing, model leakage, or exposure of potentially sensitive training data and metrics. Because the workflow presents cross-host transfer as a routine part of setup, a user may trigger external sharing without understanding what data leaves the machine or how peer trust is established.
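The pre-install checks in the Overview (back up the existing manifest, confirm peer hostnames, refuse unknown peers) and the missing consent gate in the manifest finding can be made concrete. The following is an added example for this report, not code from the Pilot project or from the scanned skill. It assumes only the manifest path the finding names; the skill's real JSON layout is not documented here, so the sample manifest and the peer hostnames are constructed, and the operator is expected to extract the real hostnames from the pilot-* skills and pass them in.

```python
"""Pre-install guard for a setup skill that writes a persistent local manifest.

Added example, not code from the Pilot project or the scanned skill. Assumptions
(not taken from the report): the skill's JSON layout is unknown, so a constructed
sample manifest is used; peer hostnames are extracted by the operator and passed
in as a list; the manifest path is the one the finding names.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

# Path the scanned skill writes to, per the finding.
MANIFEST = Path.home() / ".pilot" / "setups" / "ml-training-pipeline.json"


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, so the operator can record what was there before."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_manifest(path: Path) -> dict:
    """Copy an existing manifest to <name>.<epoch>.bak before anything touches it.

    Returns whether a file existed, where the copy went and the original's hash,
    so the step can be logged next to the install.
    """
    if not path.exists():
        return {"existed": False, "backup": None, "sha256": None}
    backup = path.with_name(f"{path.name}.{int(time.time())}.bak")
    shutil.copy2(path, backup)
    return {"existed": True, "backup": str(backup), "sha256": sha256_file(path)}


def _norm(host: str) -> str:
    """Case-insensitive comparison, ignoring a trailing dot."""
    return host.strip().lower().rstrip(".")


def unknown_peers(hostnames, allowlist) -> list:
    """Hostnames the skill would handshake with that are not on the operator's allowlist."""
    allowed = {_norm(a) for a in allowlist}
    return sorted({_norm(h) for h in hostnames} - allowed)


def write_manifest(path: Path, manifest: dict, consent: bool) -> bool:
    """Create or overwrite the manifest only with an explicit consent flag.

    An existing file is backed up first; without consent nothing is written and
    False is returned. This is the gate the finding says the skill lacks.
    """
    if not consent:
        return False
    path.parent.mkdir(parents=True, exist_ok=True)
    backup_manifest(path)
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True) + "\n")
    return True


def run_demo() -> dict:
    """Exercise the guard in a temporary directory with constructed data."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "setups" / "ml-training-pipeline.json"
        # Constructed sample manifests; the real skill's layout is not documented.
        existing = {"peers": ["trainer-01.lab.example", "evaluator.lab.example"]}
        new = {"peers": ["trainer-01.lab.example", "ml-serving-prod.example.net"]}

        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(existing))
        before = sha256_file(path)

        refused = write_manifest(path, new, consent=False)   # gate closed
        untouched = sha256_file(path) == before
        record = backup_manifest(path)                         # explicit backup step
        written = write_manifest(path, new, consent=True)      # gate opened
        unexpected = unknown_peers(
            new["peers"],
            allowlist=["Trainer-01.lab.example", "evaluator.lab.example."],
        )
        return {
            "refused_without_consent": not refused,
            "untouched_after_refusal": untouched,
            "backup_exists": Path(record["backup"]).exists(),
            "backup_sha256_matches": record["sha256"] == before,
            "written_with_consent": written and json.loads(path.read_text()) == new,
            "unknown_peers": unexpected,
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run against the real path, `write_manifest(MANIFEST, ...)` only proceeds when the caller passes `consent=True`, and `unknown_peers` surfaces any hostname the skill would handshake with that the operator did not explicitly allow; the production host in the constructed sample is reported for exactly that reason.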

VirusTotal

66/66 vendors flagged this skill as clean.