Pilot Task Chain

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent for building Pilot multi-agent task pipelines, but users should be careful because it forwards task results between agents through shell commands.

This skill appears benign and purpose-aligned, but use it only with trusted Pilot tooling and trusted target agents. Treat fetched or generated results as untrusted data before passing them to the next agent, and add validation or human approval before any step that stores, publishes, deletes, or changes important data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

An agent using this skill can run local shell commands to submit and monitor Pilot tasks.

Why it was flagged

The skill authorizes Bash and uses it to run pilotctl commands. This is expected for a CLI orchestration skill, but Bash is a broad tool and should be used only for the documented Pilot workflow.

Skill content

allowed-tools:
  - Bash
...
pilotctl --json task submit "$AGENT_2" --task "Transform data: $RESULT"

Recommendation

Use this skill only in environments where pilotctl is trusted, and keep execution limited to the documented pilotctl and jq commands unless the user explicitly approves broader shell use.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Data produced by one agent may be sent to another agent, which could disclose sensitive task results to agents with different access or trust levels.

Why it was flagged

The skill is explicitly designed to move intermediate results across agents. That is disclosed and purpose-aligned, but it can expose sensitive outputs to downstream agents if the agents are not trusted or appropriately scoped.

Skill content

You need to route intermediate results between different specialized agents

Recommendation

Only chain trusted agents, avoid forwarding secrets unless necessary, and confirm each downstream agent is authorized to receive the intermediate data.

ASI08: Cascading Failures
Low
What this means

A bad or manipulated upstream result could be passed along to transform or store steps before a person reviews it.

Why it was flagged

The workflow automatically takes one step's result and embeds it in the next task. This is the intended pipeline behavior, but if an upstream result is malformed or contains hostile instructions, that content can influence later agents.

Skill content

FETCH_RESULT=$(pilotctl --json task list --type submitted | jq -r ".[] | select(.task_id == \"$FETCH_TASK_ID\") | .result")

# Step 2: Transform
TRANSFORM_TASK=$(pilotctl --json task submit "$TRANSFORM_AGENT" \
  --task "Transform data: $FETCH_RESULT")

Recommendation

For important or sensitive workflows, add validation, delimit untrusted data clearly, and require human approval before storage, publication, account changes, or other high-impact downstream steps.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The safety of actual execution depends on the separately installed Pilot tooling, jq, and the agents selected for the chain.

Why it was flagged

The skill depends on external components beyond the single SKILL.md file. The artifacts do not include code or an install spec for these dependencies, so their provenance and behavior are outside this review.

Skill content

Requires pilot-protocol skill, jq, and multiple agents with complementary capabilities.

Recommendation

Install pilotctl, jq, and any related Pilot skills from trusted sources, and review the capabilities of each agent before using it in a pipeline.