Back to skill

Security audit

Pilot Voice Memo

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps agents record, send, receive, and clear voice memo files over Pilot Protocol, but users should handle audio privacy carefully.

Install only if you trust the Pilot Protocol tooling and daemon on this machine. Before recording or sending audio, confirm the recipient and avoid capturing bystanders, secrets, or sensitive background conversations. Review received files before running the clear command, because it may remove locally stored received data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs agents to record audio, transmit it to another host, list received files, and clear them, but it provides no warning about consent, sensitive content, retention, or logging/privacy implications. In this context, the omission matters because voice recordings frequently contain biometric and confidential information, and the automation-oriented workflow could normalize collection and transfer without adequate user awareness or safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.