Trust Assessment
ssh-manager received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 7 critical, 8 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Missing required field: name", and "Sensitive path access: SSH key/config".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:13 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:15 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:25 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:35 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:61 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:69 |
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/ssh-manager/SKILL.md:70 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:13 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:15 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_ed25519'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:25 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/id_ed25519'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:35 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:61 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:69 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/ssh-manager/SKILL.md:70 |
| HIGH | **Potential Command Injection via LLM-implemented Input Validation.** The skill instructs the LLM to perform various shell operations, including generating SSH keys (`ssh-keygen`), modifying SSH configuration files (implied `echo` or `sed` operations on `~/.ssh/config`), and testing connections (`ssh`). Several parameters for these commands (e.g., hostname, username, key comment, key filename, host alias, and content for config blocks) are derived from user input. While the skill explicitly defines input validation rules (e.g., 'Reject any input containing shell metacharacters (`;`, `\|`, `&`, `$`, `` ` ``)'), the actual implementation and strict enforcement of these rules rely entirely on the host LLM. A failure by the LLM to perfectly apply these validations before constructing and executing shell commands could lead to arbitrary command injection, allowing an attacker to execute malicious commands on the host system. Implement robust, explicit input sanitization and escaping mechanisms within the skill's execution environment, rather than solely relying on the LLM to infer and apply validation rules. For shell commands, use parameterized execution where possible, or strictly quote and escape all user-supplied arguments. Ensure all user-controlled strings passed to `ssh-keygen`, `ssh`, or file modification commands are thoroughly sanitized against shell metacharacters before execution. | LLM | SKILL.md:59 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/ssh-manager/SKILL.md:1 |