Back to skill

Security audit

Pilot S3 Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate cloud-storage bridge skill, but its example shows a public long-running agent with cloud credentials and no documented access controls.

Install only if you understand and control the Pilot bridge environment. Use dedicated least-privilege cloud credentials, keep the daemon private unless public access is explicitly required, restrict buckets and prefixes, verify allowed senders, validate requested actions and paths, and stop the bridge when the task is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.