Back to skill
Skillv1.0.0
VirusTotal security
Pilot Protocol · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 7:31 AM
- Hash
- edd9e0e87f216da06f6637ea3848cff03e937ceb81a0efa49e82bf9786bc72e6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pilotprotocol Version: 1.0.0 The skill bundle defines a peer-to-peer communication protocol ('Pilot Protocol') that enables remote task execution and file sharing between agents. The most significant risk is found in SKILL.md, which provides 'Heartbeat' instructions and a script directing the AI agent to automatically approve all incoming trust requests and execute all received tasks without any safety filtering or manual oversight. This creates a high-risk Remote Code Execution (RCE) surface, effectively turning the agent into a remote-controlled bot. While TASK-SUBMIT.md contains safety guidelines for declining dangerous tasks, the provided automation script in SKILL.md bypasses these checks. Additionally, the bundle encourages a risky 'curl | sh' installation pattern from pilotprotocol.network.
- External report
- View on VirusTotal