vps-security-hardening

SUSPICIOUS: The skill’s capabilities mostly match its stated VPS-hardening purpose, and installs come mainly from official OS/package-manager sources. However, it requires highly sensitive passwords, encourages temporarily enabling root password SSH, relies on sshpass to automate credentials, and references an unreviewed automation script. Data flows are mostly proportionate, with only optional direct-to-official webhook posting, but the combination of credential handling and high-impact remote admin actions makes this a medium-to-high security risk rather than benign.