Security Audit
ssh
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
ssh received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 6 critical, 5 high, 0 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: SSH key/config, Potential for Remote Command Injection via SSH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ssh/SKILL.md:27 | |
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ssh/SKILL.md:178 | |
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ssh/SKILL.md:183 | |
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ssh/SKILL.md:193 | |
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ssh/SKILL.md:215 | |
| CRITICAL | Potential for Remote Command Injection via SSH The skill explicitly demonstrates how to execute arbitrary commands on remote servers using SSH (e.g., `ssh user@host "ls -la /var/log"`). If an AI agent is granted the ability to use this skill and constructs SSH commands based on untrusted user input, a malicious actor could inject arbitrary shell commands. This could lead to remote code execution, unauthorized access, or system compromise on the target server. Implement strict input validation and sanitization for all parameters used in SSH commands, especially the command string itself. Consider whitelisting allowed commands or using a more constrained remote execution mechanism. Limit the agent's ability to construct arbitrary SSH commands based on direct user input. | LLM | SKILL.md:40 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/ssh/SKILL.md:27 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/id_ed25519'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/ssh/SKILL.md:178 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/id_ed25519'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/ssh/SKILL.md:183 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/ssh/SKILL.md:193 | |
| HIGH | Potential for Data Exfiltration via SCP/Rsync The skill provides examples of copying files and directories from remote servers to the local machine using `scp` and `rsync` (e.g., `scp user@host:/remote/file.txt ./local/`). If an AI agent is granted the ability to use this skill and constructs file transfer commands based on untrusted user input, a malicious actor could instruct the agent to exfiltrate sensitive files from remote servers to the agent's local environment or other accessible locations. Implement strict input validation and access controls for file paths used in `scp` and `rsync` commands. Restrict the agent's ability to transfer files from arbitrary remote paths to arbitrary local paths. Consider sandboxing the agent's file system access and limiting the scope of accessible directories. | LLM | SKILL.md:58 |
Scan History
Embed Code
[](https://skillshield.io/report/ba79e3f9027ff695)
Powered by SkillShield