Back to skill

Security audit

Pilot Watchdog

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Pilot Protocol monitoring skill with disclosed local state, alert logging, and a localhost webhook example, but users should review the long-running and configuration-changing commands before running them.

Install only if you use Pilot Protocol and trust the pilotctl binary. Review commands before running them: initialization writes under ~/.pilot/watchdog, the workflow runs continuously until stopped, and set-webhook changes daemon behavior even though the provided endpoint is localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is presented as a monitoring tool, but it also issues a state-changing administrative command to reconfigure the Pilot daemon's webhook endpoint. That can silently alter runtime behavior, redirect security events, and create unintended outbound traffic or data exposure, which is risky for a skill users may expect to be read-only.

Missing User Warnings

Low
Confidence
75% confidence
Finding
The skill writes persistent configuration and state under `~/.pilot/watchdog` without clearly warning the user that it will modify local files and retain monitoring data across sessions. While expected for a watchdog tool, undisclosed persistence can surprise users, affect later runs, and leave sensitive operational metadata on disk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The workflow includes an indefinite monitoring loop and webhook configuration, both of which create ongoing system and network effects that are not prominently warned about. This can lead to unattended resource consumption, persistent logging, continuous polling of the daemon, and outbound event delivery to a configured endpoint.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.