Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ssh Remote Control

v1.0.10

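SSH remote control of computers - lets an AI Agent connect to and operate remote Mac/Linux computers over SSH, without installing any agent tool on the controlled computer. One AI on a server, reaching out to multiple remote devices.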

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description claim SSH-based remote control, and the SKILL.md describes exactly that (ssh/scp examples, macOS/Linux commands, tunnel guidance). That capability legitimately requires host/port/user/key. However, registry metadata presented earlier lists 'Required env vars: none' while the SKILL.md and _meta.json declare required env vars (SSH_TARGET_HOST, SSH_TARGET_PORT, SSH_TARGET_USER, SSH_KEY_PATH). This metadata mismatch is an inconsistency (likely a packaging/metadata error) and should be resolved before trusting the skill.
Instruction Scope
The runtime instructions explicitly require the agent to run SSH and SCP commands and access a local private key path (SSH_KEY_PATH). That is consistent with the stated purpose but is high-impact: any agent with access to the private key can log into all systems that accept it. The SKILL.md also instructs the user to set up tunnel tools (ngrok/frp) which is expected but increases exposure surface. The instructions do not include enforcement mechanisms (no code that would limit or sandbox commands) — they rely on the operator to restrict keys/accounts on the remote hosts.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to run). That minimizes install-time risk because nothing is downloaded or executed automatically by installation. Risk shifts to runtime: the agent executing SSH commands on behalf of the user.
Credentials
Requested environment variables (host, port, user, path to private key) are appropriate and proportionate for an SSH remote-control skill. However, the skill requires access to a sensitive secret (the SSH private key file). The metadata inconsistency (registry listing none vs _meta.json/README declaring requiredEnvVars) is concerning — it may lead to unexpected exposure if platform-level protections assume none are required. The SKILL.md recommends using a dedicated, limited-permission key which is the correct mitigation.
Persistence & Privilege
The skill does not request persistent/always-on inclusion (always:false) and does not declare actions that modify other skills or system-wide agent settings. Autonomous invocation is allowed by default, which is not in itself a flag here; weigh it together with the sensitive key-access requirement when deciding whether to allow autonomous execution.
What to consider before installing
This skill does what it says — it teaches the agent to SSH into remote machines and run commands — but that requires giving the agent access to a private SSH key (SSH_KEY_PATH). Before installing or enabling:

1) Verify the skill source/repository and maintainers (the registry lists an unknown source).
2) Do NOT reuse an existing key: create a dedicated SSH key pair for this skill and grant the remote account minimal permissions (non-admin user, limited sudo if any).
3) Restrict the key in authorized_keys (command=, no-pty, from=) and consider a passphrase + ssh-agent or an SSH certificate with short lifetime.
4) Keep the private key file permission-restricted (600) and ensure the platform will not leak it in logs or to other skills.
5) Resolve the metadata mismatch (the registry claims no required env vars but the skill expects several) — ask the publisher to correct packaging.
6) If you plan to allow autonomous agent actions, limit scope (dedicated account, strict remote-side command restrictions) because the agent can execute arbitrary commands once it has key access.

If you cannot enforce these mitigations or verify the publisher, treat the skill as high-risk and do not provide access to sensitive keys or privileged accounts.
