ssh-penetration-testing
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several powerful CLI tools for network operations, including
nmapfor scanning,hydraandmedusafor brute-force attacks, andncfor banner grabbing. - [CREDENTIALS_UNSAFE]: The instructions explicitly guide the agent to locate and attempt to use sensitive private key files from standard locations such as
~/.ssh/id_rsa,/root/.ssh/, and/etc/ssh/ssh_host_*_key. - [DATA_EXFILTRATION]: The skill includes patterns for using
curlto fetch sensitive information (e.g., private keys) from external web servers, which could be used to retrieve or inadvertently expose credentials.
Audit Metadata