pty-bridge

SUSPICIOUS: The skill’s capabilities match its purpose, but that purpose is inherently high impact: it grants the agent interactive local and remote terminal control, including SSH and password entry. The main risks are broad command authority, credential handling through the PTY tool, and missing provenance for the underlying `pty-bridge` binary; there is no clear evidence of hidden exfiltration or malware in the skill text itself.

No explicit malware/persistence/obfuscation indicators are present in this module. However, it exposes a high-privilege PTY execution and output-disclosure interface over a UNIX socket without authentication/authorization checks. If SOCKET_PATH permissions or deployment assumptions are wrong, this becomes a local command execution and potential data exfiltration channel for anyone who can connect. Security posture is therefore dominated by access control around the socket and the Session implementation, not by hidden malicious behavior in this file.