rch
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous scripts (
scripts/worker_disk_triage.sh,scripts/auto_recover.sh) and subcommands dedicated to executing shell commands on remote workers through SSH connections. - [CREDENTIALS_UNSAFE]: The skill's configuration and recovery scripts manage sensitive SSH private keys. Specifically,
references/SSH_KEY_RECOVERY.mdprovides automated logic to search for keys in local directories and instructions to usescpto copy private keys from remote 'sibling' hosts to the local host. - [REMOTE_CODE_EXECUTION]: The skill implements a PreToolUse hook for agent platforms like Claude Code. This hook intercepts bash tool calls and rewrites the command inputs to execute via
rch exec, effectively allowing the tool to redirect and proxy agent-invoked code to remote infrastructure. - [DATA_EXFILTRATION]: The
scripts/mine_rch_history.shtool performs recursive searches across sensitive agent session log directories, including~/.claude/projects,~/.codex/sessions, and others. This allows the script to read and process the agent's internal history and conversation logs. - [EXTERNAL_DOWNLOADS]: The skill references its source code on a third-party GitHub repository (
github.com/Dicklesworthstone/remote_compilation_helper) and includes update functionality (rch update --fleet) that retrieves and deploys external binaries to the local machine and the remote worker fleet.
Audit Metadata