Security audit

Ssh Tool

Security checks across malware telemetry and agentic risk

Overview

This is a small SSH wrapper whose remote-command behavior is disclosed and aligned with its stated purpose, though it should be used carefully.

Install only if you want an agent to help use your local SSH client. Review the destination host and any remote command before allowing use, and be especially careful with production systems, sensitive SSH keys, or port forwarding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The script initiates an outbound SSH connection and can pass arbitrary remote commands without any user-facing warning, confirmation, or disclosure. In an agent/tooling environment, this is security-relevant because it enables network access to arbitrary hosts and remote command execution, which could be abused for data exfiltration, pivoting, or unauthorized access if the tool is invoked on untrusted input.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.