Back to skill

Security audit

Pilot Inbox

Security checks across malware telemetry and agentic risk

Overview

This is a small Pilot Protocol inbox helper whose main risk is clearly disclosed deletion commands that users should run only intentionally.

Install only if you already use and trust pilotctl and want an agent to inspect your Pilot Protocol inbox. Treat pilotctl --json inbox --clear and pilotctl --json received --clear as destructive; review items first and ask the agent not to clear anything unless you explicitly intend deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is framed as a read/triage inbox, yet it documents destructive clearing operations that can delete or purge inbox contents. Presenting these commands without strong safety framing increases the chance an agent or user will perform irreversible data loss during routine inbox review.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Documenting `received --clear` extends the skill from passive inbox viewing into deletion of received files, which can destroy user data or evidence that has not been processed yet. In the context of a unified inbox skill, this capability is not necessary for the stated purpose and is therefore more dangerous because it may be invoked unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Destructive inbox-clearing commands are provided with no warning, confirmation, rollback guidance, or explanation of consequences. This creates an unsafe operational pattern where agents may normalize running deletion commands as part of standard triage, causing accidental loss of messages, files, tasks, or trust-request visibility.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.