Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ssh-agentd-control
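v0.1.0
Manage and use a local ssh-agentd (systemd-resident service + API calls + connectivity verification). Use when the user mentions ssh-agentd, persistent SSH sessions, /run /upload /tail_logs, start on boot, or session status/metrics troubleshooting.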
by offlinecat @offlinecat-dev
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the provided instructions and script: systemctl commands, local API calls, and connectivity checks. Minor oddity: SKILL.md references hard-coded user-specific paths (/home/krex/...) which makes the skill environment-specific and may not work on other machines or leak path assumptions.
Instruction Scope
Instructions tell the agent to run systemctl, inspect sockets, and call the local API (including running remote commands through the agent). All of these are coherent with managing ssh-agentd. Note: the skill suggests running privileged commands (sudo) and will invoke operations that can execute arbitrary commands on hosts via the agent's /run endpoint — expected for this tool but powerful, so exercise caution.
Install Mechanism
No install spec (instruction-only) and only a small helper script are included, so nothing is downloaded or written to disk at install time beyond the provided files.
Credentials
Registry metadata lists no required env vars, but the script and examples use SSH_AGENTD_TOKEN and optionally SSH_AGENTD_URL. This is reasonable (token is optional if API auth is disabled), but the skill should document these env vars in its manifest. The script intentionally unsets proxy env vars/uses --noproxy to reach localhost; while sensible to avoid proxy interception, this behavior can bypass network monitoring in some environments and is worth noting.
Persistence & Privilege
The skill does not request always:true or persistent privileges. It instructs administrators to run systemctl (sudo) for enabling/restarting the service — appropriate for managing a systemd service. The skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: help manage a local ssh-agentd service and call its HTTP API. Before installing or using it: (1) verify the hard-coded paths (e.g., /home/krex/...) and update them to match your environment; (2) review the systemd unit and hosts.yaml on the target machine so you trust what the agent can do; (3) treat SSH_AGENTD_TOKEN like any secret — do not store it in files checked into repos and prefer short-lived tokens with minimal scope; (4) be aware the script unsets proxy variables/uses --noproxy '*' (this is to reach localhost but effectively bypasses proxies/monitoring); (5) remember many commands require sudo and the agent can trigger remote command execution via /run, so limit who can invoke the skill and audit usage. If you need higher assurance, request the publisher declare SSH_AGENTD_TOKEN/SSH_AGENTD_URL as optional env vars in metadata and replace hard-coded paths with configurable defaults.
Like a lobster shell, security has layers — review code before you run it.
latestvk973ywmwj57g54mkmyy0f3nmwx824ge1
