Pilot Quarantine

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill matches its quarantine purpose, but it can tell the agent to revoke trust and disconnect Pilot agents without explicit confirmation guardrails.

Install this only if you want the agent to help manage Pilot Protocol incident response. Before running quarantine or enforcement commands, manually confirm the target agent, node ID, and reason, and keep ~/.pilot/quarantine/ records accurate and protected.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If invoked on the wrong target, a legitimate Pilot agent could be isolated or disconnected.

Why it was flagged

These commands revoke trust and disconnect Pilot connections. The artifacts do not add an explicit user-confirmation or target-validation step before making those live network changes.

Skill content
pilotctl --json untrust "$NODE_ID"
pilotctl --json connections | jq -r '.connections[] | select(.remote_hostname == "'"$AGENT"'") | .id' | \
  xargs -I {} pilotctl --json disconnect {}
Recommendation

Require explicit user confirmation and verify the agent identity, node ID, and evidence of compromise before running untrust or disconnect commands.

ASI03: Identity and Privilege Abuse
Low
What this means

Installing or using the skill gives the agent a documented path to exercise Pilot network privileges available through pilotctl.

Why it was flagged

The skill relies on the user's existing Pilot Protocol daemon and pilotctl authority to change trust and connection state.

Skill content
Requires pilot-protocol skill and pilotctl binary on PATH.
The daemon must be running (pilotctl daemon start).
Recommendation

Use it only in environments where the agent is allowed to manage Pilot trust decisions, and prefer least-privileged pilotctl access if available.

ASI06: Memory and Context Poisoning
Low
What this means

Stale or incorrect quarantine records could cause repeated isolation of the wrong agent.

Why it was flagged

The enforcement workflow reads persistent local quarantine JSON files and uses their contents to decide which agents to disconnect.

Skill content
for QFILE in ~/.pilot/quarantine/active/*.json; do
  AGENT=$(jq -r '.agent' "$QFILE")
  NODE_ID=$(jq -r '.node_id' "$QFILE")
Recommendation

Review and protect ~/.pilot/quarantine/ records, and validate each stored agent before running enforcement.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail or use unexpected local binaries if jq or openssl is missing or shadowed on PATH.

Why it was flagged

SKILL.md documents dependencies beyond pilotctl, while the registry requirements declare only pilotctl. This is an under-declared but purpose-aligned dependency gap.

Skill content
Requires pilot-protocol, pilotctl, jq, openssl. Quarantine records stored in ~/.pilot/quarantine/.
Recommendation

Install jq and openssl from trusted sources and ensure the registry metadata accurately declares all required binaries.