Back to skill

Security audit

Pilot Stream Data

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only streaming helper whose network and logging examples match its stated purpose, but users should supervise destinations, duration, and logs.

Install only if you trust the Pilot Protocol tooling and need persistent streaming. Before running examples, set DEST intentionally, avoid streaming private data or credentials, add a stop condition for loops, monitor background processes, and delete or protect /tmp/pilot-stream.log if it may contain sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The example performs indefinite outbound transmission of structured data to a remote destination without any warning, consent step, or guidance on validating the recipient. In an agent skill context, this can normalize silent exfiltration of telemetry, logs, or other sensitive runtime data over persistent connections.

Missing User Warnings

Low
Confidence
80% confidence
Finding
Writing streamed output to /tmp creates local persistence of potentially sensitive streamed data without documenting retention or access implications. On multi-user or shared environments, temporary files may be readable by other processes or left behind longer than expected, increasing exposure of logs or payload contents.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.