Trust Assessment
ssh-exec received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unsanitized command execution via SSH, Potential command injection via SSH environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized command execution via SSH The skill's primary function is to execute a user-provided command on a remote host via SSH. If the command string, which is implicitly an input to the skill, is not rigorously sanitized and escaped before being passed to the `ssh` binary, an attacker can inject arbitrary shell commands. This could lead to remote code execution on the target system or manipulation of the local `ssh` command, bypassing intended security measures. Implement robust input sanitization and shell escaping for all user-provided command arguments before constructing and executing the `ssh` command. Utilize a library or function designed for safe shell argument handling (e.g., `shlex.quote` in Python) to prevent injection. Avoid direct concatenation of untrusted user input into shell commands. | LLM | SKILL.md:10 | |
| HIGH | Potential command injection via SSH environment variables The skill uses environment variables such as `SSH_TARGET`, `SSH_HOST`, and `SSH_PORT` to construct the `ssh` command. If these environment variables can be controlled by untrusted input without proper validation or sanitization, an attacker could inject additional `ssh` arguments (e.g., `-o ProxyCommand=...`) or manipulate the target host/port. This could lead to command injection, redirection to malicious servers, or other unintended `ssh` behavior. Ensure that environment variables used to construct `ssh` commands are either strictly controlled by the skill developer or, if user-controlled, are rigorously validated and sanitized. Implement allow-lists for acceptable values for hostnames and ports. Avoid passing raw user input directly into `ssh` arguments via environment variables without proper escaping or validation. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/40236d816323077e)
Powered by SkillShield