Back to skill

Security audit

Pilot Share

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward user-directed file sharing helper, but users should treat its examples as sending selected local files to another agent.

Install only if you intend to use Pilot Protocol file sharing. Before running any send command, verify the recipient, inspect exactly what path or archive will be transmitted, and avoid secrets, private keys, customer data, home-directory archives, or unrelated personal files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill provides concrete file-transfer commands that send files and directories to another agent/system, but it does not prominently warn users that local data will leave the host boundary. In a one-click sharing skill, this omission increases the risk of accidental exfiltration of sensitive files, especially when users may copy-paste examples or substitute paths without fully considering destination trust.

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.