ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MCP SSH Manager

v0.1.1

This skill should be used when the user asks to "run ssh command", "execute on server", "ssh session", "upload file", "download file", "ssh tunnel", "check server status", "monitor server", "deploy files", "backup server", or needs remote server management. This skill emphasizes session reuse, workdir organization, and content persistence for sustainable operations.

0· 1.7k·3 current·4 all-time
by@imaxtomas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and description match SSH management. However, the runtime instructions reference custom CLI tools (ssh_execute, ssh_session_start, ssh_upload, etc.) and standard operations (ssh, scp, tar, git, pm2) without declaring any required binaries or credentials. The package contains helper scripts for creating a workdir and logging, but does not provide or install the external 'mcp ssh-manager' server or explain how the ssh_* tools are made available. That mismatch (claims to provide/manage servers but no install, no required binaries, no primary credential) is incoherent.
Instruction Scope
SKILL.md instructs the agent to run arbitrary remote commands, create persistent sessions, transfer files, and save command outputs and host snapshots under ~/.ssh-workdir. Those behaviors are expected for an SSH manager, but they also permit capturing and storing arbitrary remote output (which may include secrets), and running any command on remote hosts. The instructions are broad and rely on external tooling and existing SSH auth; they also implicitly assume access to the user's SSH agent/keys.
Install Mechanism
There is no install spec (instruction-only), which minimizes arbitrary remote downloads. The repo includes three small scripts (create-workdir.sh, log-command.sh, save-status.sh) that manage local logs/workdirs. Not having an install step reduces installer risk, but it increases ambiguity about where the referenced ssh_* tools come from.
Credentials
The skill declares no required environment variables or credentials, yet its functionality implicitly requires SSH authentication (private keys, agent, or credentials) and uses standard system tools. The lack of explicit credential requirements is surprising: the skill will depend on the user's existing SSH keys/config and will store outputs locally. This implicit access should be made explicit so users know what will be used or exposed.
!
Persistence & Privilege
The skill persists command logs, outputs, and status snapshots under ~/.ssh-workdir. Persisting remote outputs locally is reasonable for auditing, but it increases the risk of storing sensitive data (passwords, tokens, config) without explicit safeguards. The skill does not set always:true, but also does not disable model invocation — meaning the agent could invoke these behaviors when the skill is eligible. Combined with the ability to run arbitrary remote commands, that is a noteworthy privilege.
What to consider before installing
Before installing, verify the skill's source and how the ssh_* tools are provided (is there an external 'mcp-ssh-manager' service you must run?). Review the three included scripts to ensure they don't exfiltrate data or run unexpected network calls. Be aware the skill will write command outputs and host snapshots to ~/.ssh-workdir — inspect those outputs regularly and avoid storing sensitive data there. Confirm how SSH authentication will occur (SSH keys/agent), and consider restricting model-triggered use (disableModelInvocation) or running the skill in a sandbox until you trust it. If you can't verify the upstream project/homepage or the origin of the ssh_* helpers, treat this package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bgrrsxzmtfqvfc9xgh6d30180psaqmcpvk97bgrrsxzmtfqvfc9xgh6d30180psaqserver-managementvk97bgrrsxzmtfqvfc9xgh6d30180psaqsshvk97bgrrsxzmtfqvfc9xgh6d30180psaqssh-managervk97bgrrsxzmtfqvfc9xgh6d30180psaq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖥️ Clawdis

Comments