remote-server-guide

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The reference files references/tools/paramiko-advanced.md and references/tools/fabric-advanced.md provide Python code templates that construct shell commands for remote execution using f-strings (e.g., self.exec(f'docker run -d --name {name} {image}')). This method of command construction lacks sanitization, making the resulting scripts vulnerable to command injection if untrusted user input is used for parameters like container names or images.
  • [CREDENTIALS_UNSAFE]: Multiple reference files, including references/tools/sshpass.md and references/ssh-examples.md, demonstrate passing passwords in plaintext via command-line arguments (using sshpass -p) or hardcoded strings. Although the skill suggests more secure methods like SSH keys, providing these patterns in documentation increases the risk of accidental credential exposure in process lists and logs.
  • [EXTERNAL_DOWNLOADS]: The skill describes installing well-known system utilities and libraries such as tmux, sshpass, paramiko, and fabric using standard package managers like apt-get and pip from official registries. These runtime installation processes require elevated privileges for system-level changes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 03:04 AM
Security Audit — agent-trust-hub — remote-server-guide