Trust Assessment
ssh-essentials received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 32 findings: 17 critical, 15 high, 0 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: SSH key/config", and "Potential Command Injection via SSH Arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (32)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:20 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:66 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:69 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:72 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:75 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:84 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:90 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:96 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:153 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:331 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:332 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:333 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/arnarsson/ssh-essentials/SKILL.md:388 |
| CRITICAL | **Potential Command Injection via SSH Arguments.** The skill demonstrates various SSH commands (`ssh`, `scp`, `rsync`, `sftp`) which execute shell commands. If an AI agent uses this skill and populates command arguments (e.g., hostname, username, remote command string, file paths) with untrusted user input without proper sanitization, an attacker could inject arbitrary shell commands. Implement robust input validation and sanitization for all arguments passed to shell commands. Avoid directly concatenating untrusted input into command strings. Consider using libraries or functions that safely escape shell arguments. | LLM | SKILL.md:33 |
| CRITICAL | **Arbitrary Script Execution via Piped Input to Remote Shell.** The command `cat local-script.sh \| ssh user@hostname 'bash -s'` allows for the execution of arbitrary script content on a remote server. If the content of `local-script.sh` or the remote command (`bash -s`) is influenced by untrusted input, an attacker can execute arbitrary code on the remote system. Avoid piping untrusted content directly to remote shell interpreters. If remote script execution is necessary, ensure the script source is trusted and arguments are strictly validated and sanitized. | LLM | SKILL.md:343 |
| CRITICAL | **Remote Command Execution with Elevated Privileges (`sudo`).** The command `ssh -t user@hostname 'sudo command'` demonstrates executing commands with `sudo` on a remote host. If the `command` string is constructed using untrusted input, an attacker could inject arbitrary commands to be executed with elevated privileges on the remote system. Strictly control and validate any commands intended for execution with `sudo`. Never allow untrusted input to directly form part of a `sudo` command. | LLM | SKILL.md:346 |
| CRITICAL | **Command Injection via `rsync -e` Custom Shell Option.** The `rsync` command's `-e` option (`rsync -e "ssh -p 2222"`) allows specifying an arbitrary command to be used as the remote shell. If the string provided to `-e` is derived from untrusted input, an attacker could inject and execute arbitrary shell commands. Ensure that the argument to `rsync -e` is always a fixed, trusted command or is rigorously validated and sanitized if dynamic. | LLM | SKILL.md:250 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:20 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:66 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:69 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:72 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:75 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:84 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:90 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:96 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:153 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:331 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_rsa'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:332 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/authorized_keys'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:333 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/arnarsson/ssh-essentials/SKILL.md:388 |
| HIGH | **Use of `eval` Command.** The skill demonstrates the use of the `eval` command. `eval` executes its arguments as shell commands, making it a dangerous primitive if any part of its input is derived from untrusted sources. While `$(ssh-agent)` is typically safe, the presence of `eval` in the skill could lead an AI agent to use it in less secure contexts with untrusted input. Avoid `eval` where possible. If `eval` is strictly necessary, ensure that its input is entirely trusted and cannot be influenced by external or untrusted sources. | LLM | SKILL.md:110 |
| HIGH | **System Configuration Modification and Service Restart with Elevated Privileges.** The skill demonstrates modifying `/etc/ssh/sshd_config` and restarting the `sshd` service using `sudo`. These operations require root privileges and can have system-wide security implications. If an AI agent is instructed to perform these actions with untrusted input for configuration changes or service names, it could lead to privilege escalation or system instability. Restrict an AI agent's ability to execute commands with `sudo`. Any configuration changes or service management operations should be strictly controlled, validated, and performed only with trusted, predefined parameters. | LLM | SKILL.md:289 |