Sparkey
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not get an installation-time warning that this skill needs privileged Linux account and SSH authority.
The registry-facing metadata does not surface provenance or the required host capabilities, even though the supplied scripts require root-level SSH and user-management operations.
Source: unknown; Homepage: none; Required binaries (all must exist): none; Required binaries (at least one): none; Capability signals: No capability tags were derived.
Fix the registry metadata to include the homepage/source, required binaries, Linux/root expectations, and capability tags before normal installation.
Running the script gives it authority to change system accounts and SSH access on the host.
The grant script explicitly requires root and depends on tools that create, modify, delete, lock, and terminate local user accounts.
[[ ${EUID} -eq 0 ]] || die "This script must be run as root (sudo)" ... for cmd in ssh-keygen useradd userdel usermod passwd pkill getent; do
Run only on a dedicated, trusted operator/target host, review the exact command options, and avoid using it on shared systems unless you are comfortable with root-level account changes.
If that CA key is stolen, an attacker could create SSH certificates accepted by configured servers.
The skill intentionally creates a persistent SSH CA private key with authority over trusting targets.
The CA private key (`/etc/ssh/agent_ca`) created by `setup-ca.sh` is a **persistent operator-side credential** ... If compromised, an attacker can mint valid SSH certificates for any target that trusts the CA.
Protect the CA key like a production credential: restrict host access, rotate it, consider an HSM/offline CA, and avoid copying it to target servers.
Expired accounts, keys, support shells, or cleanup scripts may remain until a human runs audit or revoke commands.
The script only warns when no cleanup scheduler exists, so the advertised automated cleanup layer may not be scheduled.
if ! command -v at &>/dev/null && ! command -v systemd-run &>/dev/null; then
    warn "Neither 'at' nor 'systemd-run' found. Auto-cleanup will NOT be scheduled."
fi
Make at/systemd-run a hard requirement by default, or require an explicit override; after each use, run the audit script and revoke any leftover sessions.
The script could connect to a host using existing SSH credentials before the temporary access flow is complete, and host identity checks are weakened for that check.
The pre-flight check may use the operator's default SSH credentials and disables strict host-key checking for the target.
ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no \
    "${host}" 'sshd -V 2>&1 || ssh -V 2>&1'
Prefer explicit user/identity options and normal host-key verification, or document this pre-flight behavior prominently.
On systems where those directories do not already exist, dry-run mode can still modify system state.
The script creates protected directories before the dry-run branch that claims no changes will be made.
mkdir -p /usr/local/bin /usr/local/sbin
if [[ "${dry_run}" == true ]]; then
    printf '=== DRY RUN — No changes will be made ===\n'
Move all filesystem changes after the dry-run exit path, or clearly state that dry-run may still touch these directories.
