Pilot Model Share
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a disclosed, purpose-aligned guide for sending selected ML model files via Pilot Protocol, with routine cautions about recipient verification and the external pilotctl tool.
Before using this skill, install pilotctl from a trusted source, keep the Pilot daemon under your control, verify the destination peer and model path before sending, and prefer stronger hashes or signed metadata for important models.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong file path or destination, a model file could be sent to an unintended peer.
The skill uses Bash to run pilotctl commands that can send a local model file to another peer. This is central to the stated purpose, but the command arguments control what is sent and where.
allowed-tools:
 - Bash ... pilotctl --json send-file "$DEST" "$MODEL_FILE"
Confirm the recipient and model file path before running send-file, especially for private or valuable models.
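The confirmation step above can be made mechanical rather than manual. The following is an added example, not the skill's or Pilot Protocol's own code: it gates the quoted send-file invocation behind a destination allowlist and a path check, and returns the argv instead of executing it, so it runs without pilotctl installed. The allowlist, the approved models directory and the peer identifier format are assumptions of this example; only the `pilotctl --json send-file "$DEST" "$MODEL_FILE"` shape comes from the skill.

```python
"""Pre-send checks for a pilotctl model share.

Added example, not the skill's or Pilot Protocol's own code. Assumptions that are
not from the reviewed artifacts: peers are identified by an opaque string kept in
an operator-maintained allowlist, and shareable models live under one approved
directory. Only the argv shape ``pilotctl --json send-file "$DEST" "$MODEL_FILE"``
comes from the skill; this function decides whether to run it and returns the argv
instead of executing, so it can be tested without pilotctl installed.
"""
from pathlib import Path

# PyTorch, ONNX and SafeTensors extensions (the formats the skill says it shares)
ALLOWED_MODEL_SUFFIXES = {".pt", ".pth", ".onnx", ".safetensors"}


def build_send_command(dest: str, model_file: str, allowed_peers: set, models_root: Path) -> list:
    """Return the pilotctl argv to run, or raise ValueError with the reason not to.

    Checks, in order:
      1. the destination is an approved peer (catches typos and unintended recipients);
      2. the path resolves (symlinks included) to a regular file under models_root,
         so neither "../" nor a symlink can point send-file at an unrelated local file;
      3. the file carries a model extension (catches passing the wrong file).
    """
    if dest not in allowed_peers:
        raise ValueError(f"destination {dest!r} is not an approved peer")
    root = models_root.resolve()
    path = Path(model_file).resolve()
    if not path.is_file():
        raise ValueError(f"{model_file!r} is not a regular file")
    if root not in path.parents:
        raise ValueError(f"{model_file!r} resolves outside the approved models directory {root}")
    if path.suffix.lower() not in ALLOWED_MODEL_SUFFIXES:
        raise ValueError(f"{path.name!r} does not have a model file extension")
    return ["pilotctl", "--json", "send-file", dest, str(path)]


def run_demo() -> dict:
    """Exercise the checks in a constructed sandbox; maps case name to 'ok' or the refusal reason."""
    import tempfile

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "models"
        root.mkdir()
        (root / "resnet50.onnx").write_bytes(b"\x00" * 16)   # constructed stand-in for a model
        (root / "notes.txt").write_text("not a model")
        key_file = Path(tmp) / "id_ed25519"                    # constructed stand-in for a private key
        key_file.write_text("PRIVATE")
        try:
            (root / "leak.onnx").symlink_to(key_file)         # symlink inside models_root pointing out
        except OSError:
            pass                                               # no symlink support: case still refused
        peers = {"peer-alpha"}
        cases = {
            "good": ("peer-alpha", str(root / "resnet50.onnx")),
            "unknown_peer": ("peer-alpah", str(root / "resnet50.onnx")),   # typo in DEST
            "wrong_file": ("peer-alpha", str(root / "notes.txt")),
            "traversal": ("peer-alpha", str(root / ".." / "id_ed25519")),
            "symlink_escape": ("peer-alpha", str(root / "leak.onnx")),
        }
        for name, (dest, model_file) in cases.items():
            try:
                build_send_command(dest, model_file, peers, root)
                results[name] = "ok"
            except ValueError as exc:
                results[name] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:15s} {outcome}")
```

The returned argv is meant to be passed to `subprocess.run` as a list, so `DEST` and `MODEL_FILE` are never re-parsed by a shell; resolving the path before the containment check is what defeats both `../` and symlinks.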
A malicious or misconfigured pilotctl installation would handle the model metadata and files this skill sends.
The reviewed skill has no bundled code and relies on whatever pilotctl binary is installed on PATH. That dependency is disclosed and expected, but its provenance is outside the reviewed artifacts.
Source: unknown ... Required binaries (all must exist): pilotctl ... No install spec — this is an instruction-only skill.
Install pilotctl only from a trusted Pilot Protocol source and verify the binary before using this skill.
A model file or metadata could be disclosed to the wrong peer if the destination identity is mistaken.
The core workflow sends messages and model files to other agents or peers. This is purpose-aligned, but the instructions do not add recipient authentication or authorization checks.
share PyTorch, ONNX, or SafeTensors model files between agents ... pilotctl --json send-message "$DEST" ... pilotctl --json send-file "$DEST" "$MODEL_FILE"
Verify peer identity and access expectations before sharing models, and avoid sending confidential models to untrusted destinations.
A wrong or tampered model could be accepted and then reused or shared further if checksum metadata is not tied to a trusted sender and model version.
The example takes the first model_metadata message in the inbox, whoever sent it and whichever model it describes, and compares an MD5. Because the metadata arrives over the same pilotctl channel as the file, a peer able to deliver a tampered model can deliver a matching checksum, and MD5 is collision-broken. This is adequate for detecting accidental corruption, but it is weak for adversarial model integrity or provenance.
EXPECTED_CHECKSUM=$(pilotctl --json inbox | jq -r '.messages[] | select(.type == "model_metadata") | .file.checksum' | head -1); ACTUAL_CHECKSUM=$(md5sum "$RECEIVED_MODEL" | cut -d' ' -f1)
Use SHA-256 or signed model metadata, and verify the sender, model name, and version when validating received models.
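The following is an added example, not the skill's or Pilot Protocol's own code, that implements the recommendation above next to the weak pattern the review quotes: it binds the metadata lookup to sender, model name and version, requires a SHA-256, compares it in constant time and refuses when zero or several messages match. The inbox fields `from`, `model`, `version` and `file.algorithm` are assumptions of this example; the page only shows `type` and `file.checksum`. Signature checking of the metadata is not shown.

```python
"""Verifying a received model against its metadata message.

Added example, not the skill's or Pilot Protocol's own code. The review quotes a
pattern that takes the first model_metadata message in the inbox and compares an
MD5; this version binds the lookup to sender, model name and version, requires a
SHA-256, compares it in constant time and refuses on zero or several matches.
The inbox fields "from", "model", "version" and "file.algorithm" are assumptions
for this example; the page only shows "type" and "file.checksum". Signature
checking of the metadata is not shown here.
"""
import hashlib
import hmac
import json


class ModelVerificationError(Exception):
    """Raised when the received model cannot be tied to trusted metadata."""


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def weak_first_checksum(inbox: dict) -> str:
    """Mirror of the quoted jq pipeline: first model_metadata checksum, whoever sent it."""
    for msg in inbox.get("messages", []):
        if msg.get("type") == "model_metadata":
            return msg["file"]["checksum"]
    return ""


def find_metadata(inbox: dict, sender: str, model: str, version: str) -> dict:
    """Select exactly one metadata message by sender, model name and version."""
    matches = [
        m for m in inbox.get("messages", [])
        if m.get("type") == "model_metadata"
        and m.get("from") == sender
        and m.get("model") == model
        and m.get("version") == version
    ]
    if len(matches) != 1:
        raise ModelVerificationError(
            f"expected exactly one metadata message for {sender}/{model}/{version}, found {len(matches)}")
    return matches[0]


def verify_received_model(inbox_json: str, received_path: str, sender: str, model: str, version: str) -> bool:
    """Return True if the file matches SHA-256 metadata from the expected sender; raise otherwise."""
    meta = find_metadata(json.loads(inbox_json), sender, model, version)
    file_meta = meta.get("file", {})
    algorithm = str(file_meta.get("algorithm", "")).lower()
    if algorithm != "sha256":
        raise ModelVerificationError(f"metadata uses {algorithm or 'no'} checksum algorithm, sha256 required")
    expected = str(file_meta.get("checksum", "")).lower()
    if len(expected) != 64:
        raise ModelVerificationError("checksum is not a SHA-256 hex digest")
    actual = sha256_file(received_path)
    if not hmac.compare_digest(expected, actual):   # constant-time comparison
        raise ModelVerificationError(f"checksum mismatch for {received_path}")
    return True


def run_demo() -> dict:
    """Constructed inbox with a decoy first: shows what the weak and strict checks each accept."""
    import os
    import tempfile

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        model_path = os.path.join(tmp, "resnet50-v2.onnx")
        with open(model_path, "wb") as f:
            f.write(b"constructed model bytes, not a real ONNX graph")
        inbox = {"messages": [
            # Decoy from an unrelated peer with an MD5 of something else; it sorts first in the inbox.
            {"type": "model_metadata", "from": "peer-untrusted", "model": "resnet50", "version": "2",
             "file": {"algorithm": "md5", "checksum": "d41d8cd98f00b204e9800998ecf8427e"}},
            {"type": "model_metadata", "from": "peer-alpha", "model": "resnet50", "version": "2",
             "file": {"algorithm": "sha256", "checksum": sha256_file(model_path)}},
        ]}
        inbox_json = json.dumps(inbox)
        results["weak_picks"] = weak_first_checksum(inbox)
        results["strict"] = verify_received_model(inbox_json, model_path, "peer-alpha", "resnet50", "2")
        try:
            verify_received_model(inbox_json, model_path, "peer-untrusted", "resnet50", "2")
            results["untrusted"] = "accepted"
        except ModelVerificationError as exc:
            results["untrusted"] = str(exc)
        with open(model_path, "ab") as f:     # simulate a file altered after the metadata was sent
            f.write(b"!")
        try:
            verify_received_model(inbox_json, model_path, "peer-alpha", "resnet50", "2")
            results["tampered"] = "accepted"
        except ModelVerificationError as exc:
            results["tampered"] = str(exc)
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:12s} {v}")
```

Even with this check, the `from` field is only as trustworthy as the Pilot daemon's own peer authentication; a signature over the metadata from a key you already hold for the sender is what closes that gap, which is why the review recommends signed metadata alongside the stronger hash.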
