Back to skill

Security audit

Teleport tsh SSH (Identity-First SSH Access, no passwords/static keys)

Security checks across malware telemetry and agentic risk

Overview

This is a Teleport SSH helper that can run remote commands with an existing identity, but that power is disclosed and aligned with its purpose.

Install this only if you want an agent to use tsh for Teleport SSH workflows. Confirm the selected identity file and proxy before use, keep the Machine ID identity narrowly scoped, and review remote commands or file-copy requests because they will run with whatever access that Teleport identity grants.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description uses broad trigger phrases like connecting to hosts, executing commands, and troubleshooting access, which can cause the skill to activate for generic SSH or command-execution requests beyond a narrowly scoped Teleport workflow. In an agentic system, over-broad routing can lead to unintended remote access actions or use of local credentials in contexts the user did not specifically intend.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill directs the agent to persist proxy information to a local file automatically, which modifies user state without an explicit confirmation step or warning. Even though the data is not as sensitive as credentials, silent persistence can create privacy, integrity, and operational surprises, especially on shared systems or when a stale proxy later causes misrouting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.