Back to skill

Security audit

Pilot Blocklist

Security checks across malware telemetry and agentic risk

Overview

The skill matches its blocklist purpose, but it includes under-scoped automation that can persistently revoke trust and block peers without clear review or rollback guidance.

Review before installing. Use this only if you intend to let an agent modify Pilot Protocol trust and blocklist state. Verify node IDs and hostnames before running commands, back up the blocklist first, and avoid the score-based auto-blocking workflow unless you add manual review, dry-run output, and a clear recovery process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The workflow expands from maintaining a blocklist into autonomous enforcement based on a peer 'polo_score' threshold, which can cause agents to be untrusted and blocked without human review. In a trust-management skill, that broadens scope from recordkeeping to active decision-making and increases the risk of false positives, denial of service, and abuse if scoring data is inaccurate or manipulated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The commands directly invoke `untrust` and `reject` against a resolved node ID without warning that these actions sever trust relationships and may block legitimate peers. Because this skill operates in a security-sensitive network trust context, presenting destructive commands as routine examples increases the chance of accidental misuse or social engineering-driven operator error.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The automatic enforcement example continuously blocks peers based on a score threshold and writes persistent state, yet it provides no warning about broad-impact behavior or the possibility of mass false positives. In this context, automation directly affects connectivity and trust posture across the network, so lack of cautionary guidance materially increases operational risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.