Back to skill
Skillv1.0.1
VirusTotal security
sshexec · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:56 AM
- Hash
- adf5dd5f9fdcfa6427da6b6edf8c186a7fb6ad703e8a5c196eeff3ffe53b4962
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sshexec Version: 1.0.1 The `sshexec` skill is designed to execute arbitrary SSH commands on remote servers, a powerful capability that, while aligned with its stated purpose, inherently carries significant risk. The `ssh_exec.py` script uses `paramiko.AutoAddPolicy()` by default for SSH host keys, which is a known vulnerability as it automatically trusts unknown host keys, making it susceptible to Man-in-the-Middle (MITM) attacks if not explicitly overridden with `--strict-host-key`. While the skill does not exhibit explicit malicious intent like data exfiltration or local persistence, its core functionality of remote command execution combined with a less secure default for host key verification makes it suspicious due to the potential for misuse and security flaws.
- External report
- View on VirusTotal