Back to skill

Security audit

SSH Tunnel

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SSH reference skill whose powerful examples are visible and aligned with its stated purpose, though users should copy commands carefully.

Safe to install as a reference, but review commands before running them. Avoid 0.0.0.0 remote forwards unless you intend remote-network exposure, do not disable host-key checking except for controlled troubleshooting, use passphrases for human keys, restrict deployment keys, and stop background tunnels when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The remote port forwarding examples show how to expose a local service on a remote host, including binding to 0.0.0.0, but they do not clearly warn that this can make a local development or admin service reachable by other remote-network users. In an SSH tunneling skill this is legitimate functionality, but omission of an explicit exposure warning can lead users to unintentionally publish sensitive local services.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The SSH config example disables StrictHostKeyChecking and writes known hosts to /dev/null, which removes SSH's host authenticity verification and suppresses persistence of fingerprints. This enables man-in-the-middle attacks and makes users unable to detect host key changes, which is especially dangerous if copied into wildcard host patterns.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill includes a command to generate an SSH private key with an empty passphrase and only a minimal note that it is for automation. Even in automation contexts, presenting this without stronger safeguards can normalize creation of unprotected keys that are immediately usable if copied or stolen.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.