Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The script disables SSH host key verification with `StrictHostKeyChecking=no` when testing connectivity, which permits man-in-the-middle interception or impersonation of a peer. In a sync utility that transfers memory and user data between agents, trusting an unauthenticated host can lead to silent disclosure, tampering, or poisoning of synchronized state.
