Pilot Voice Memo
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a straightforward voice-memo skill, but it can record and send audio through an external Pilot Protocol tool, so users should confirm recipients and trust the installed daemon.
Before installing, make sure you trust the Pilot Protocol tooling already on your machine, confirm the recipient before sending, and avoid recording or transmitting audio that may contain private conversations or sensitive background information.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A voice memo may disclose private speech, background conversations, or other sensitive audio to the selected remote agent.
The core function sends audio files to another agent over a networked protocol. This is purpose-aligned, but audio can contain sensitive personal or environmental information.
Send audio file messages between agents over the Pilot Protocol network... pilotctl --json send-file <hostname> /tmp/voice-memo.wav
Send only intentional recordings, verify the recipient hostname, and understand the Pilot Protocol network’s trust and privacy model before use.
If run without care, the agent could record audio, transmit a file, or clear received files when the user did not intend that exact action.
The skill uses Bash to run audio recording, file sending, and clearing commands. These are aligned with the stated workflow, but they have real local and network effects.
allowed-tools: - Bash ... arecord -f cd -d 10 "$MEMO_FILE" ... pilotctl --json send-file "$RECIPIENT" "$MEMO_FILE" ... pilotctl --json received --clear
Require explicit user confirmation for recording, recipient selection, file selection, and clearing received files.
The safety of sending and receiving messages depends on the separately installed Pilot Protocol tooling.
The skill delegates its actual network behavior to an external binary and daemon that are not included in the reviewed artifacts.
Requires pilot-protocol skill and pilotctl binary on PATH. The daemon must be running (pilotctl daemon start).
Install pilotctl and the Pilot Protocol daemon only from trusted sources and keep them updated.