Back to skill

Security audit

Pilot Dns

Security checks across malware telemetry and agentic risk

Overview

This is a small Pilot Protocol naming helper whose broader peer-listing and messaging examples are visible and user-directed, not hidden or automatic.

Install this only if you trust the Pilot Protocol daemon and the pilotctl binary in your environment. Treat the examples as network actions: setting a hostname changes protocol state, listing peers may reveal known agent metadata, and the connect example sends a message to another node.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill is presented as a DNS/naming utility, but the documentation expands into peer enumeration and direct communication workflows. This broadens the effective capability surface beyond the declared purpose, which can mislead an agent into using discovery and messaging actions under the guise of harmless name management.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
Listing all peers is a discovery capability, not merely a naming lookup function. In an agent environment, exposing enumeration through a naming skill can enable unintended reconnaissance of the network and bypass operator expectations about which skill handles agent discovery.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The example shows connecting to another agent and sending a message, which introduces an active communication capability outside the stated naming-only scope. This can cause downstream agents or operators to treat the skill as safe metadata resolution while it actually facilitates interaction with remote peers.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.