Back to skill

Security audit

Ssh Essentials

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SSH command reference with a few risky examples users should treat carefully, but no hidden code or malicious behavior.

Install is reasonable if you want an SSH reference. Before copying commands, avoid disabling host-key checking unless you have verified the server another way, prefer passphrases or tightly limited deploy keys, be careful with agent forwarding and background tunnels, and use rsync --dry-run before any --delete sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill includes `ssh -o StrictHostKeyChecking=no user@hostname` as an override/common troubleshooting command, which disables SSH host key verification and makes man-in-the-middle attacks materially easier. In a skill explicitly framed around secure remote access, presenting this bypass as a ready-to-use example increases the chance users normalize an unsafe practice during real connections.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The host key bypass example lacks an immediate warning on the same example that it disables server authenticity checks, exposing users to MITM and host spoofing. Because the command is short and copy-pasteable, omission of a direct warning makes misuse more likely.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The example `ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_deploy` creates an unencrypted private key without warning that theft of the key immediately grants access wherever it is trusted. For automation this can be necessary, but documentation should clearly note the reduced protection and compensating controls.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.