remote-cluster-agent

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill installs a persistent cluster-side agent that executes arbitrary shell commands over a long-lived SSH channel (remote code execution/backdoor capability), auto-deploys that agent without explicit manual confirmation, and instructs the client to weaken SSH host-key checking—together these are high-risk patterns enabling unauthorized remote control or data exfiltration even though no explicit external exfiltration endpoints are hard-coded.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs modifying SSH config (~/.ssh/config) with insecure options, writing config and agent files, and auto-deploying server/agent code (changing the machine’s runtime state and security posture), which can compromise the host.