Back to skill

Security audit

Pilot Swarm Join

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for swarm setup, but it tells users to approve every pending peer trust request, which could trust unintended agents.

Install only if you control the pilotctl daemon and understand the peer trust model. Do not run the approve-all command as written unless every pending node is known and intended; inspect pending requests, verify swarm membership and node identity, and approve only specific trusted peers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The command approves every pending handshake returned by the local daemon, regardless of whether the requester belongs to the intended swarm. In a discovery-based trust workflow, this can unintentionally establish trust with unrelated or malicious nodes that happened to queue a request, expanding compromise from a single swarm join into broad unauthorized peer trust.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The workflow example performs blanket approval of all pending handshakes across the daemon, not just those initiated by peers in the named swarm. Because handshake approval appears to create bidirectional trust, an attacker can race or pre-seed pending requests and get trusted automatically when an operator follows the example.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill presents automatic approval of pending peers as a normal step without warning that approval grants trust to any queued requester. This omission increases the chance that users will execute a dangerous trust decision mechanically, especially in an auto-discovery swarm context where untrusted parties may be present.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example auto-approves all pending handshakes with no discussion of trust boundaries, identity verification, or the consequences of bidirectional trust. In a skill specifically designed for swarm formation and peer discovery, that omission is more dangerous because users are encouraged to trust newly discovered peers at scale.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.