Is JGM2025/linux-patcher-skill safe?

https://github.com/JGM2025/linux-patcher-skill

47
DANGEROUS

This Linux patching skill exhibits critical security violations by accessing multiple sensitive credential files including SSH keys, AWS credentials, and other authentication tokens. While the declared functionality appears legitimate, the unauthorized credential access indicates potential malicious intent.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 0/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 0/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (4)

CRITICAL Unauthorized credential file access -100

The skill accessed multiple sensitive credential files including SSH private keys, AWS credentials, Docker configuration, NPM registry credentials, and Google Cloud credentials. This behavior is not required for Linux patching functionality and indicates potential credential harvesting.

CRITICAL Honeypot file access detected -100

The skill accessed multiple honeypot/canary files designed to detect malicious behavior. This indicates the skill is probing for sensitive credentials beyond its stated functionality.

HIGH Requires extensive system privileges -40

The skill requires passwordless sudo access and executes commands on remote systems via SSH. While potentially legitimate for patching, this creates significant attack surface.

HIGH High abuse potential -85

The combination of credential access, system privileges, and remote SSH capabilities creates significant potential for malicious use as a backdoor or for lateral movement in infrastructure.