Back to skill

Security audit

Pilot Formation

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible network-topology helper, but it automates trust approvals and includes publishing topology metadata to a registry without strong user-control gates.

Install only if you trust the Pilot network, pilotctl, the daemon, and any registry host you configure. Before use, review the peer list manually, avoid approving all pending peers blindly, and remove or gate the publish command unless you intentionally want to disclose swarm name, hub address, and formation time to that registry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The workflow includes publishing topology metadata to an external registry host, which expands the skill's behavior beyond local topology formation into outbound data disclosure. Even though the published data appears limited, it can expose swarm identifiers, hub addresses, and timing metadata to an external system without clear necessity or user warning, increasing information leakage and supply-chain trust risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill normalizes automatic handshakes, approvals, and publishing actions without clearly warning that it changes trust relationships between nodes and may disclose topology data externally. In a network-management skill, such actions are expected to some extent, but silently approving peers and publishing metadata materially increase the security impact because they can alter access boundaries and leak infrastructure structure.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.