remote-ssh-bridge
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is a small, disclosed SSH template bundle; it is not hiding behavior, but running it gives commands access to whichever remote host you configure.
Install this only if you intentionally want SSH command templates for a remote machine. Before running it, set REMOTE_TARGET yourself, inspect the scripts and placeholders, use a least-privileged SSH account, and avoid passing untrusted message text without proper escaping.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script executes a command on the configured remote host; unsafe message text could cause unintended remote shell behavior.
The script sends user-provided message text inside a remote shell command over SSH. This is aligned with the SSH bridge purpose, but untrusted text containing shell quotes could change the remote command.
MESSAGE="$1"
...
ssh "${REMOTE_TARGET}" "echo 'TODO: send inbox message: ${MESSAGE}'"Set REMOTE_TARGET explicitly, review the remote command before use, and when replacing the placeholder, pass message content via a safer quoting method or stdin rather than raw shell interpolation.
The skill can act on the remote machine with whatever access your SSH account has.
The skill relies on the user's SSH access to a configured remote host. No credentials are embedded, but commands will run with the permissions of that SSH account.
export REMOTE_TARGET="user@<your-remote-host>" ... Any remote commands require you to configure your own SSH target.
Use a least-privileged SSH account or key, confirm the target host before running, and avoid using production or high-privilege credentials unless intended.