ClawHub

sshexec

Security checks across malware telemetry and agentic risk

Overview

This SSH skill appears to do what it claims, but it gives broad remote command power with weak default host verification and limited safety guidance.

Install only if you intentionally want an agent to run commands on remote servers. Use least-privilege SSH accounts, prefer key-based authentication, enable --strict-host-key, avoid putting passwords or secrets on the command line, protect logs, and require explicit human approval for commands that change files, services, permissions, deployments, or data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
When strict host key checking is disabled by default, the client silently trusts previously unknown SSH servers via AutoAddPolicy. This enables man-in-the-middle attacks or misdirection to an attacker-controlled host, especially dangerous because this skill executes arbitrary remote commands and may send passwords or use agent-backed credentials during connection setup.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill documentation explicitly encourages remote command execution over SSH using password authentication but does not warn about the risks of arbitrary command execution, credential exposure, or the potential to damage remote systems. In an agent-skill context, omitting these safeguards increases the chance that users or upstream agents invoke destructive commands or mishandle secrets under the assumption that the workflow is inherently safe.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code disables SSH host authenticity verification by default and provides no user-facing warning that unknown hosts will be accepted automatically. In a tool designed to execute commands on remote systems, this weakens transport trust guarantees and can lead to credential exposure, command execution on the wrong host, and interception by an active network attacker.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
This skill allows you to execute SSH commands on remote servers securely. It supports both password and key-based authentication methods, making it versatile for various use cases.
## Features
- **Authentication**: Supports both password and key-based authentication.
- **Command Execution**: Execute any command on the remote server and retrieve the output.
- **Error Handling**: Provides detailed error messages for failed command executions.
- **Logging**: Logs all executed commands and their results for auditing purposes.
## Prerequisites
Confidence
93% confidence
Finding
Execute any command

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal