Security audit

Ssh Remote

Security checks across malware telemetry and agentic risk

Overview

This skill is an SSH operations guide with sensitive but disclosed remote-access examples that fit its stated purpose.

Install this only if you want Codex to help with SSH administration. Review every hostname, username, and command before running it; prefer non-root accounts, verify host keys for production servers, and avoid plaintext passwords except for short-lived setup tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category: YARA Match
Content:
```
chmod 700 /tmp/ssh_pass.sh
SSH_ASKPASS=/tmp/ssh_pass.sh DISPLAY=dummy:0 \
  ssh -o StrictHostKeyChecking=no root@SERVER_IP \
  "mkdir -p ~/.ssh && echo '$(cat ~/.ssh/id_ed25519.pub)' >> ~/.ssh/authorized_keys"
rm -f /tmp/ssh_pass.sh
```
Confidence: 87%
Finding: echo '$(cat ~/.ssh/id_ed25519.pub)' >> ~/.ssh/authorized_keys

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.