netmiko ssh

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent SSH administration wrapper, but it gives an agent broad remote-command, credential, and command-history access without enough user-facing limits or retention details.

Install only if you intentionally want an agent to manage SSH sessions and run commands on systems you control. Verify the external MCP server and mcp2skill source, use least-privilege credentials, restrict allowed hosts and commands, require explicit approval for changes, and confirm how session and command history are stored and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The statement that the skill is 'automatically invoked when tools from this MCP server are required' is too vague for a high-risk SSH capability. Broad invocation language can cause an agent to use SSH tooling without an explicit, informed user request, increasing the chance of unintended remote command execution against infrastructure.

Missing User Warnings

High
Confidence: 97%
Finding
This skill exposes tools for creating SSH sessions, executing remote commands, and listing active or historical sessions/commands, but it provides no user-facing warnings about credential sensitivity, remote execution risk, or exposure of session history. In this context, missing safeguards materially increases the likelihood of credential mishandling, unauthorized command execution, and inadvertent disclosure of operational history.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented tools allow users to supply SSH credentials and execute arbitrary remote commands, but the reference provides no user-facing warning about credential sensitivity, remote side effects, audit exposure, or the risk of acting on unintended hosts. In an agent setting, this increases the chance of unsafe use, accidental credential disclosure, or destructive command execution because the capability is high-risk and not framed with adequate safety guidance.

VirusTotal

65/65 vendors flagged this skill as clean.
