Skillv1.0.0

VirusTotal security

Pilot Quarantine · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 9, 2026, 7:51 AM

Hash: eb154c98685c6b51c5696d1417a694493be4c3db9a7aa72459212c63ca674b50
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: pilot-quarantine Version: 1.0.0 The skill provides legitimate security functionality for isolating agents via the pilotctl utility and local state management in ~/.pilot/quarantine/. However, it is classified as suspicious due to multiple shell and command injection vulnerabilities in SKILL.md. Specifically, the 'Quarantine Agent' and 'Enforce Quarantine' commands embed the $AGENT variable directly into jq filters and pipe the output to xargs, which could allow a maliciously named agent to execute arbitrary commands or bypass isolation logic.
External report: View on VirusTotal