SAPCONET SSH Bridge

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its SSH-template purpose, but its message script inserts unescaped message text into an SSH command, which could run unintended commands on the remote SAPCONET host.

Install only if you intentionally need SAPCONET SSH templates. Before use, fix or avoid the message script’s unsafe quoting, set the target host explicitly, verify you are authorized for that host, and use a dedicated least-privilege SSH key.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted or accidentally unsafe message could cause commands other than the intended inbox-message placeholder to run on SAPCONET using the user’s SSH access.

Why it was flagged

The script places user-supplied message text directly inside a remote shell command sent over SSH. If the message contains a single quote or shell syntax, it can break out of the intended echo command and execute unintended commands on the remote host.

Skill content

MESSAGE="$1"
...
ssh "${SAPCONET_TARGET}" "echo 'TODO: send inbox message: ${MESSAGE}'"

Recommendation

Do not pass untrusted message text to this script as written. Escape or quote the message safely, pass it via stdin or as an argument to a fixed remote script, and require review before any real inbox-sending command is substituted.

What this means

Running the scripts may connect to the default SAPCONET host with the user’s available SSH identity if SAPCONET_TARGET is not changed.

Why it was flagged

The skill defaults to a specific SSH user and host and will use whatever SSH credentials or agent access the user’s environment provides.

Skill content

SAPCONET_TARGET="${SAPCONET_TARGET:-neill@100.110.24.44}"
...
ssh "${SAPCONET_TARGET}"

Recommendation

Set SAPCONET_TARGET explicitly, verify the host and host key, and use a dedicated least-privilege SSH key/account for SAPCONET operations.

What this means

Users may not realize the skill depends on local SSH tooling and comes without a linked source repository or homepage.

Why it was flagged

The package provenance is limited and the metadata does not declare the SSH runtime dependency even though the scripts use SSH. The included files are small and reviewable, so this is a disclosure/provenance note rather than a standalone concern.

Skill content

Source: unknown
Homepage: none
Required binaries (all must exist): none

Recommendation

Review the scripts before use, ensure `ssh` is installed, and prefer a version with clear provenance and accurate dependency metadata.