Back to skill
Skillv1.0.1
ClawScan security
sshexec · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 3:08 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions are consistent with its stated purpose (executing SSH commands); there are no hidden network callbacks, downloads, or unrelated credential requests, but follow standard operational cautions (passwords on CLI, private key handling, logging).
- Guidance
- This skill appears to do what it says, but exercise normal SSH security hygiene before installing or using it: avoid passing passwords on the command line (use SSH agent or protected key files instead), protect private key files and their passphrases, be mindful that command output is logged (may contain secrets), and prefer enabling --strict-host-key to detect MITM. Because the package source is 'unknown', only run this on trusted machines and review or sandbox the script first; install paramiko from the official PyPI repository and verify integrity before use.
Review Dimensions
- Purpose & Capability
- okThe name/description (SSH command execution with password or key auth) matches the provided Python script (ssh_exec.py). The script uses paramiko to open SSH connections, run a command, and return/log output—exactly what the skill claims.
- Instruction Scope
- noteSKILL.md and the script limit behavior to connecting to a specified host and executing a single command. However, the documentation examples show passing passwords on the command line (exposed to other local processes/system process listings) and the script logs stdout/stderr (which may contain sensitive data). The script also honors allow_agent=True so it may use local SSH agent keys—this is expected but worth noting.
- Install Mechanism
- okThis is instruction-only (no installer). The script depends on the paramiko library and will abort if it's missing; recommending 'pip install paramiko' is expected and proportional. No remote downloads, archive extraction, or nonstandard install paths are present.
- Credentials
- okThe skill requests no environment variables or credentials from the platform. It operates using credentials you provide at runtime (password or path to a private key) and may use the local SSH agent—these are appropriate for an SSH executor.
- Persistence & Privilege
- okThe skill does not request persistent presence (always:false) and does not modify other skills or system-wide agent settings. It runs as an on-demand script and does not write configuration outside normal logging.