Trust Assessment
ssh received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via unsanitized user input, Command Injection via unsanitized user input (shell mode), and Credential Exposure via Command-Line Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized user input: The skill's core script `scripts/ssh.py` directly executes commands provided as command-line arguments (`sys.argv`) using `paramiko.SSHClient.exec_command()` and `SSHClient.invoke_shell().send()`. If the `command` or `commands` arguments are derived from untrusted user input without proper sanitization, an attacker can inject arbitrary shell commands to be executed on the remote server with the privileges of the connected SSH user. This is a direct and severe command injection vulnerability. Implement robust input validation and sanitization for all command arguments before passing them to `ssh.exec_command()` or `shell.send()`. Consider using a whitelist of allowed commands and arguments, or strictly escaping all special shell characters. Avoid directly concatenating user input into shell commands. | LLM | scripts/ssh.py:26 |
| CRITICAL | Command Injection via unsanitized user input (shell mode): In the 'shell' mode, the `ssh_shell` function iterates through a list of commands, each of which is directly sent to the interactive SSH shell session via `shell.send()`. If these commands originate from untrusted user input and are not properly sanitized, an attacker can inject arbitrary shell commands to be executed on the remote server. Implement robust input validation and sanitization for all command arguments before passing them to `shell.send()`. Consider using a whitelist of allowed commands and arguments, or strictly escaping all special shell characters. Avoid directly concatenating user input into shell commands. | LLM | scripts/ssh.py:49 |
| HIGH | Credential Exposure via Command-Line Arguments: The script `scripts/ssh.py` accepts the SSH username and password directly as command-line arguments (`sys.argv`). This method of passing sensitive credentials is insecure as they can be easily exposed in process lists (e.g., `ps aux`), shell history, or system logs, making them vulnerable to harvesting by other users or processes on the system. Avoid passing sensitive credentials like passwords directly as command-line arguments. Instead, use more secure methods such as environment variables, a secure credential store (e.g., a secrets manager), or prompt for input if interactive. For automated skills, environment variables or a dedicated secrets management system are preferred. | LLM | scripts/ssh.py:67 |
| MEDIUM | Reduced Security Posture due to AutoAddPolicy for SSH Host Keys: The skill uses `paramiko.AutoAddPolicy()` for handling missing SSH host keys. This policy automatically adds new host keys to the `known_hosts` file without verification. While convenient, this practice makes the client vulnerable to Man-in-the-Middle (MITM) attacks, especially during the first connection to a new host, as it implicitly trusts any host presenting itself as the target. For enhanced security, consider using `paramiko.WarningPolicy()` or `paramiko.RejectPolicy()` and explicitly managing the `known_hosts` file. For an automated skill, pre-populating `known_hosts` with verified server keys or implementing an out-of-band host key verification mechanism would be more secure than automatic addition. | LLM | scripts/ssh.py:19 |