net-ops
Warn
Audited by Socket on Jun 21, 2026
1 alert found:
AnomalyAnomalyscripts/ssh-bootstrap.sh
LOWAnomalyLOW
scripts/ssh-bootstrap.sh
The provided fragment is best characterized as a dual-use SSH bootstrap/connectivity utility: it legitimately probes remote OS and runs minimal smoke tests, but it also enables automated remote command execution on an arbitrary user-supplied target and weakens MITM protections (accept-new). It handles credentials via SSHPASS environment variable (increasing operational exposure). There is no direct evidence in this snippet of malware, persistence installation, or data exfiltration; however, the included persistence-oriented next-step hints and cross-platform PowerShell invocation increase the overall security risk in a supply-chain context.
Confidence: 70%Severity: 52%
Audit Metadata