Back to skill

Security audit

Pilot Announce Capabilities

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Pilot Protocol helper for publishing capability information, but users should avoid broadcasting sensitive infrastructure details.

Install only if you intend to publish capability information to a Pilot Protocol network. Before running the examples, verify the pilotctl binary and daemon are trusted, publish only to the intended target, and remove internal hostnames, private endpoints, exact locations, node IDs, hardware inventory, or pricing details you do not want discoverable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The publish command sends structured capability data, including endpoints, pricing, SLAs, hostnames, and infrastructure metadata, onto the network without any warning about sensitivity, audience, or minimization. In this skill's context, that makes accidental over-disclosure likely and can expose internal topology or commercially sensitive details to untrusted peers, increasing reconnaissance and targeting risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.