Ssh Exec
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ssh-exec Version: 1.0.0 The `ssh-exec` skill is classified as suspicious due to its inherent high-risk capabilities. It explicitly requires access to SSH keys in `~/.ssh/` or `SSH_AUTH_SOCK` and facilitates remote command execution, including piping local scripts for remote execution, as demonstrated in `SKILL.md`. While these capabilities are aligned with the stated purpose of an SSH execution skill, they represent significant security risks if misused, granting broad shell and network access. There is no evidence of intentional malicious behavior such as data exfiltration or persistence mechanisms within the skill definition itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A command run through this skill could read, change, or delete data on the remote machine, depending on the SSH account’s permissions.
The skill instructs the agent to run remote shell commands and can pipe a local script to a remote host. This is the advertised purpose, but it is a high-impact capability if used on the wrong target or with unsafe commands.
ssh -p 8022 user@100.107.204.64 "uname -a" ... ssh -p 8022 user@100.107.204.64 'bash -s' < local-script.sh
Use it only for commands and hosts you explicitly intend; review the exact SSH target and command before execution, especially for scripts or destructive operations.
If your SSH key or agent has broad access, the agent could run commands on privileged remote systems when this skill is invoked.
The skill relies on the user’s existing SSH keys or agent session. This is normal for SSH access, but it means the agent may act with whatever remote permissions those credentials provide.
Requires SSH access to the target (key in `~/.ssh/` or `SSH_AUTH_SOCK`)
Prefer a dedicated, least-privilege SSH key for the intended Tailscale host, constrain SSH agent forwarding/use where possible, and confirm the target identity before running commands.
You have less context about who authored the SSH instructions, though the provided artifacts are short and reviewable.
The skill has limited provenance information. Because it is instruction-only and has no install script or code files, this is not by itself suspicious, but users cannot easily verify its origin.
Source: unknown; Homepage: none
Review the SKILL.md instructions yourself and install only if you are comfortable with an unknown-source skill that can run SSH commands.