Back to skill

Security audit

Pilot Audit Log

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local audit-log helper, but users should harden its log storage before relying on it for compliance.

Install only if you use Pilot Protocol and want local audit records. Before relying on it, set restrictive permissions on ~/.pilot/audit, decide how long logs should be kept, add a cleanup process, and run handshake examples only against agents you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs creation of persistent audit files under ~/.pilot/audit and configures 90-day retention, but does not warn the user that it will store potentially sensitive trust and connection metadata locally. In a security/compliance logging skill, this persistence is expected, but the lack of disclosure and safeguards can lead to unintended collection, retention, and exposure of sensitive operational data.

Session Persistence

Medium
Category
Rogue Agent
Content
**Initialize audit log:**
```bash
mkdir -p ~/.pilot/audit
cat > ~/.pilot/audit/config.json <<EOF
{
  "enabled": true,
Confidence
92% confidence
Finding
mkdir -p ~/.pilot/audit cat > ~/.pilot/audit/config.json <<EOF { "enabled": true, "log_file": "$HOME/.pilot/audit/events.jsonl", "retention_days": 90, "event_types": ["trust.handshake", "trust

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.