Pilot Sync

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a straightforward instruction-only file sync skill, but it can continuously send files from a chosen directory to another agent, so users should verify the folder and remote peer.

Install only if you trust the Pilot Protocol setup and the remote agent. Use a dedicated folder, confirm the destination ID, avoid syncing sensitive directories, and stop the watcher when you no longer need continuous synchronization.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (Severity: Low)
What this means

If pointed at the wrong folder or peer, the agent could send files the user did not intend to share.

Why it was flagged

The skill documents Bash commands that send files from a local directory to a remote Pilot Protocol address. This is expected for a sync skill, but users need to control the path and destination.

Skill content
for file in /path/to/sync/*; do
  pilotctl --json send-file 1:0001.AAAA.BBBB "$file"
done
Recommendation

Use a dedicated sync folder, verify the remote agent ID, and avoid syncing broad locations such as the whole home directory or sensitive project roots.

ASI07: Insecure Inter-Agent Communication (Severity: Low)
What this means

Files may be exposed to another agent or node if the remote address is wrong or untrusted.

Why it was flagged

The skill sends local files to another agent over the Pilot Protocol network. This inter-agent transfer is central to the purpose, but trust and identity of the remote peer are user-controlled.

Skill content
pilotctl --json send-file "$REMOTE" "$changed_file"
Recommendation

Confirm the remote peer identity and Pilot Protocol security model before syncing private files.

ASI08: Cascading Failures (Severity: Low)
What this means

Unwanted edits, generated files, or sensitive additions in the watched folder could be sent automatically.

Why it was flagged

The continuous watcher propagates file changes from the sync directory to a remote agent until the command is stopped. This is expected for synchronization but can spread accidental changes.

Skill content
# NUL-delimited read (-d '') with -r so backslashes in file names are kept literal
fswatch -0 "$SYNC_DIR" | while IFS= read -r -d '' changed_file; do
  pilotctl --json send-file "$REMOTE" "$changed_file"
done
Recommendation

Run the watcher only for the duration needed, exclude sensitive/generated files where possible, and keep backups for important synced data.

ASI04: Agentic Supply Chain Vulnerabilities (Severity: Info)
What this means

The skill may fail or prompt manual setup if dependencies are missing, and users should avoid installing lookalike tools from untrusted sources.

Why it was flagged

The skill depends on local tools beyond pilotctl. There is no install spec or bundled code, so users must obtain and verify these tools separately.

Skill content
Requires pilot-protocol skill, jq, fswatch/inotifywait, md5sum, and stat.
Recommendation

Install dependencies from trusted OS package managers or official sources and verify pilotctl is the intended Pilot Protocol client.