Rssh2 - SSH远程自动化工具
Security checks across malware telemetry and agentic risk
Overview
This is a real SSH automation skill, but it gives an agent broad control over remote machines and network tunnels with limited built-in guardrails.
Install only if you intentionally want an agent to run SSH commands, transfer files, and create tunnels on your behalf. Use a least-privilege SSH account, avoid root and passwords where possible, verify server fingerprints yourself, approve each command and file operation, and be especially cautious with remote port forwarding because the default bind may expose services more broadly than intended.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.