Back to skill

Security audit

Pilot Clipboard

Security checks across malware telemetry and agentic risk

Overview

This is a small, user-directed clipboard skill for sending selected text over Pilot Protocol, with normal privacy caution needed for anything copied or pasted.

Install this only if you trust your Pilot Protocol setup and know the destination agent. Treat anything you send as leaving your machine: review and redact secrets, tokens, private paths, host details, and sensitive command output before using the clipboard commands, and inspect received content before running or relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly demonstrates sending clipboard-like text and raw command output over the Pilot network, but it does not warn users that these snippets may contain secrets, tokens, host details, or other sensitive data. Because the skill is designed for quick ad hoc sharing between agents, it increases the chance of accidental exfiltration of sensitive information through routine copy/paste workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.