Is ssh-essentials safe?
https://clawhub.ai/Arnarsson/ssh-essentials
This is a legitimate SSH reference/cheatsheet skill containing standard OpenSSH documentation reformatted for agent consumption. It contains no executable code, no prompt injection attempts, no exfiltration mechanisms, and no malicious behavior. The only risks are inherent to SSH documentation itself — references to sensitive key paths and examples of insecure configurations that an agent might apply without understanding the security implications.
Findings (5)
LOW SSH key path references in examples -8
The skill references sensitive file paths like ~/.ssh/id_rsa, ~/.ssh/authorized_keys, and ~/.ssh/config as part of standard SSH documentation. While these are legitimate educational examples, an LLM agent could use these paths to read or manipulate SSH keys without the user realizing the sensitivity.
LOW Insecure patterns presented as options -10
The skill includes examples that disable security controls (StrictHostKeyChecking=no, passphrase-less keys, trusted X11 forwarding). While these are documented with appropriate caveats ('not recommended'), an agent may not distinguish between secure and insecure variants when applying them.
LOW SOCKS proxy and tunneling capabilities -5
The skill documents dynamic port forwarding (SOCKS proxy) and SSH tunneling, which an agent could use to route traffic through remote servers. This is legitimate SSH functionality but could be misused if the agent establishes tunnels without user awareness.
INFO Platform reads .aws/credentials during install -5
The OpenClaw installer runtime accessed .aws/credentials and .env during the skill installation process. This appears to be the platform's own configuration loading behavior, not something initiated by the skill itself. The skill contains no code that could trigger such access.
INFO Skill requests ssh binary dependency -5
The skill metadata declares a dependency on the 'ssh' binary. This is appropriate and expected for an SSH reference skill. The requirement is transparent and minimal.