SSH OP

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible SSH-helper purpose, but the package is incomplete for a security-sensitive workflow and asks users to trust changes around 1Password SSH keys and SSH configuration.

Review carefully before installing. Do not rely on this package until the missing `scripts/ssh-op` executable and `config.env.example` are supplied and reviewed. If you use a corrected version, limit the 1Password vault/item or service account to the minimum needed, verify the key fingerprint, and inspect or back up `hosts.conf` and `~/.ssh/config` before applying SSH config changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill describes capabilities to read and write local files such as `config.env`, `hosts.conf`, and `~/.ssh/config`, but it does not declare corresponding permissions. This creates a trust and review gap: users may invoke the skill without realizing it can persist configuration changes and modify SSH behavior on the host.

Session Persistence

Medium
Category
Rogue Agent
Content
Because the primary interface is chat (Telegram), the preferred onboarding flow is:

1. Ask Boss the required questions in chat.
2. Write the real config file: `config.env`.
3. Run a smoke test (e.g. `ssh-op --help` and a safe `ssh-op -T <alias>`).

### Optional (terminal)
Confidence
78% confidence
Finding
Write the real config file: `config.env`. 3. Run a smoke test (e.g. `ssh-op --help` and a safe `ssh-op -T <alias>`). ### Optional (terminal) If you are running in a real terminal, you can use the in

VirusTotal

65/65 vendors flagged this skill as clean.
