ClawHub

SSH Config Manager

Security checks across malware telemetry and agentic risk

Overview

This is a mostly straightforward SSH config manager, but it deserves Review because its connection test passes unvalidated config values to ssh and can contact hosts or alter SSH behavior in ways users may not expect.

Install only if you are comfortable letting this tool read and rewrite SSH config files. Keep backups, review changes before relying on them, avoid running test on configs you did not author, and treat shared or generated SSH config entries as untrusted until HostName and Port validation is added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises capabilities to read and write SSH configuration files and invoke shell-based SSH testing, but it does not declare permissions or clearly surface that level of access. This is dangerous because users may invoke a skill that can modify sensitive local files and make outbound connections without adequate informed consent or platform-level gating.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill includes a connection-testing feature that initiates outbound SSH connections to user-specified hosts, but the description does not warn about the network/privacy implications. This can expose internal hostnames, trigger monitoring systems, or cause users to probe unintended targets without realizing the action is network-active.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill includes a connection-testing feature that initiates outbound SSH connections to user-specified hosts, but the description does not warn about the network/privacy implications. This can expose internal hostnames, trigger monitoring systems, or cause users to probe unintended targets without realizing the action is network-active.

Unvalidated Output Injection

High
Category
Output Handling
Content
try:
            start_time = time.time()
            result = subprocess.run(
                ssh_command,
                capture_output=True,
                text=True,
Confidence
84% confidence
Finding
subprocess.run( ssh_command, capture_output

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal