Security audit

Pilot Autonomous Warehouse Setup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed warehouse-agent setup guide; payment escrow and local Pilot configuration changes deserve review, but no hidden or destructive behavior is shown.

Install only if you intend to run a Pilot multi-agent warehouse setup. Review the downstream pilot-* skills, especially pilot-escrow and pilot-webhook-bridge, before installing them; confirm the ~/.pilot manifest change and only handshake with known trusted peers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The pick-optimizer role includes `pilot-escrow`, which introduces payment-holding functionality unrelated to the stated warehouse orchestration scope of robot coordination, inventory tracking, and dock scheduling. Unnecessary financial capability expands the attack surface and could enable unauthorized handling of funds or sensitive transaction workflows if this skill is deployed as written.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The setup instructs the agent to write a manifest into `~/.pilot/setups/autonomous-warehouse.json` without warning the user that local configuration will be modified. Silent configuration changes can surprise users, overwrite existing state, or create persistent behavior they did not explicitly approve.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.