ssh-manager
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several scripts (
exec.sh,connect.sh) that facilitate arbitrary remote command execution on hosts via SSH. This is a primary feature of the skill but inherently carries risk if the agent is directed to execute malicious strings. - [COMMAND_EXECUTION]: The scripts take user-provided arguments (hostname, command, ports) and interpolate them directly into shell commands. While used within a controlled administrative context, this presents a surface for command injection if input is not carefully handled by the calling agent.
- [DATA_EXFILTRATION]: The skill allows the agent to read and potentially modify sensitive local SSH configuration files (
~/.ssh/known_hosts,~/.ssh/config) and internal memory files (~/clawd/MEMORY.md). - [SAFE]: The skill consistently uses
-o StrictHostKeyChecking=noand-o UserKnownHostsFile=/dev/null. While this is a security best practice violation in standard environments as it enables Machine-in-the-Middle (MitM) attacks, it is documented here as a workaround for dynamic IP addresses within a private Tailscale network, which is a common (though risky) administrative pattern. - [DATA_EXFILTRATION]: The
check-host.shscript performs port scanning on the target remote IP, which could be used for internal network reconnaissance.
Audit Metadata