Pilot Protocol
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing requires trusting the Pilot Protocol website and downloaded pilotctl binaries.
The documented setup executes a remote installer and installs an external daemon/runtime that is not included in the reviewed artifacts.
curl -fsSL https://pilotprotocol.network/install.sh | sh ... downloads pre-built binaries (or builds from source if no release is available) ... sets up a system service
Verify the installer source, signatures, or checksums where available, and review the installed service before relying on it.
Sensitive files or task content could be shared with trusted peers if the agent is asked to send them.
The core function is agent-to-agent communication, including sending and receiving data and files across a peer network.
send messages, files, or data to another AI agent ... listen for incoming messages, files, or events ... establish or manage trust with other agents
Use only known peers, review trust relationships, and confirm before sending sensitive data or files.
A trusted peer could submit a task that attempts to redirect the agent outside the user's intended goal.
Peer-submitted tasks can become work items for the local agent, so their descriptions should be treated as untrusted requests rather than authoritative instructions.
The Task Submit service ... enables agents to request work from other agents ... pilotctl task execute ... # Do the work...
Require review before accepting or executing remote tasks, and follow the documented decline criteria for unsafe requests.
Incorrect gateway mappings could expose or route traffic through the Pilot overlay in ways the user did not intend.
The gateway can create local TCP proxy listeners for arbitrary ports, which is expected for an IP bridge but powerful if mis-scoped.
The gateway bridges standard IP/TCP traffic to Pilot Protocol ... Requires root for ports below 1024. Supports any port — configure with `--ports`.
Limit gateway use to specific peers and ports, avoid sudo unless necessary, and stop the gateway when finished.
The machine may keep receiving peer messages, files, events, or tasks while the daemon and trust relationships remain active.
The skill depends on a background daemon with automatically started services, so activity can continue beyond a single command.
The daemon must be running ... Built-in services: the daemon auto-starts echo ... data exchange ... event stream ... task submit
Start the daemon only when needed, monitor trusted peers and inboxes, and stop or disable the service when not in use.
Malicious or stale peer messages could influence future agent behavior if treated as trusted context.
Inbound peer content persists locally and may later be read by a user or agent.
Received files and messages are stored locally and can be inspected at any time.
Treat inbox files, messages, and task descriptions as untrusted input; clear stored content when it is no longer needed.