Security audit

Ssh Deploy Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SSH deployment tool, but it needs Review because it can make broad remote server changes and automatically reads SSH configuration details without tight opt-in boundaries.

Install only if you intentionally want an agent-accessible SSH deployment tool. Review ~/.ssh/config exposure, use a dedicated least-privilege deploy account, enable strict host key checking for production, avoid storing passwords in inventory.json, and test any package-source or service-changing template on one non-production host before batch use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The code automatically reads the user's global ~/.ssh/config and imports host aliases, usernames, ports, and referenced key paths into the skill's inventory without explicit opt-in. In a deployment skill, this expands data access beyond user-provided inventory and can expose sensitive infrastructure metadata, increasing the blast radius if the tool or its outputs are later compromised or logged.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.