Back to skill

Security audit

Pilot Autonomous Warehouse Setup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed warehouse-agent setup guide; payment escrow and local Pilot configuration changes deserve review, but no hidden or destructive behavior is shown.

Install only if you intend to run a Pilot multi-agent warehouse setup. Review the downstream pilot-* skills, especially pilot-escrow and pilot-webhook-bridge, before installing them; confirm the ~/.pilot manifest change and only handshake with known trusted peers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The pick-optimizer role includes `pilot-escrow`, which introduces payment-holding functionality unrelated to the stated warehouse orchestration scope of robot coordination, inventory tracking, and dock scheduling. Unnecessary financial capability expands the attack surface and could enable unauthorized handling of funds or sensitive transaction workflows if this skill is deployed as written.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The setup instructs the agent to write a manifest into `~/.pilot/setups/autonomous-warehouse.json` without warning the user that local configuration will be modified. Silent configuration changes can surprise users, overwrite existing state, or create persistent behavior they did not explicitly approve.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.