Back to skill

Security audit

Pilot Map Reduce

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed map-reduce helper whose peer messaging is expected for distributed processing.

Install this only for Pilot Protocol workflows where mapper and reducer peers are trusted. Treat map tasks, reduce values, and returned results as shared with the swarm, and avoid secrets, regulated data, or proprietary datasets unless the peer network and local intermediate storage are appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example actively distributes job data and task metadata to multiple workers via `pilotctl send-message` without any warning, consent boundary, or guidance on what kinds of data are safe to transmit. In a distributed agent setting, this can cause operators to send sensitive datasets or derived results to remote peers by default, increasing the risk of unintended data disclosure to untrusted or misconfigured workers.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.