sjht-ssh-ops

Security checks across malware telemetry and agentic risk

Overview

This SSH operations skill is transparent about its purpose, but it grants broad server-administration power and uses risky defaults that users should review before installing.

Install only if you intentionally want an agent to administer specific servers. Verify host fingerprints before deployment, avoid root accounts where possible, review every remote command before it runs, install dependencies yourself or approve them explicitly, unset SSHPASS after use, and remove or rotate deployed SSH keys when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The deploy path performs local package installation of sshpass, which modifies the operator's machine and exceeds the minimum scope needed for SSH key deployment. In an agent skill context, unexpected local system changes increase risk because a remote-ops task can silently alter host state or trigger privileged package-manager actions the user did not explicitly approve.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases are broad terms like '服务器管理', '连接服务器', and '运维', which can match many ordinary admin or troubleshooting requests. Because this skill enables shell-based SSH operations and arbitrary remote commands, broad invocation criteria make accidental activation more dangerous by routing benign conversations into a high-privilege operational tool.

Missing User Warnings

Medium
Confidence: 98%
Finding
The deploy command disables SSH host key verification with StrictHostKeyChecking=no, removing protection against man-in-the-middle attacks during the initial key installation. An attacker intercepting the connection could capture the password-based session or cause the public key to be installed on the wrong host, compromising future access.

Missing User Warnings

High
Confidence: 98%
Finding
The deploy command disables SSH host key verification with StrictHostKeyChecking=no, removing protection against man-in-the-middle attacks during the initial key installation. An attacker intercepting the connection could capture the password-based session or cause the public key to be installed on the wrong host, compromising future access.

VirusTotal

65/65 vendors flagged this skill as clean.
