ssh

https://raw.githubusercontent.com/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations/main/skills/ssh/SKILL.md

github.com/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations

Scanned Thu, 28 May 2026 17:27:20 GMT

Scan ID crawl-sjd3ipad655d33sd4hx96p2x · 1ms

SCORE 55 / 100

Verdict: Proceed with caution

10 high-severity findings.

This skill reads protected filesystem locations plus 10 other issues listed below.

0 critical10 high1 medium1 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 10 high-severity findings (3+ HIGHs → C).

0 CRIT10 HIGH1 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 8 of 10 HIGH (cap is 2).
A
Reach Atarget score 95
Resolve all 10 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 24CWE-552

▾

22Connect with specific identity:

23```bash

24ssh -i ~/.ssh/my_key user@hostname← sensitive path — credential-exfiltration vector

25```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 31CWE-552

▾

29Config file location:

30```

31~/.ssh/config← sensitive path — credential-exfiltration vector

32```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 40CWE-552

▾

38 User deploy

39 Port 22

40 IdentityFile ~/.ssh/myserver_key← sensitive path — credential-exfiltration vector

41 ForwardAgent yes

42```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 170CWE-552

▾

168Copy specific key:

169```bash

170ssh-copy-id -i ~/.ssh/mykey.pub user@host← sensitive path — credential-exfiltration vector

171```

172

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 182CWE-552

▾

180Add key to agent:

181```bash

182ssh-add ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector

183```

184

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 187CWE-552

▾

185Add with macOS keychain:

186```bash

187ssh-add --apple-use-keychain ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector

188```

189

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 197CWE-552

▾

195## Multiplexing (Connection Sharing)

196

197In ~/.ssh/config:← sensitive path — credential-exfiltration vector

198```

199Host *

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 201CWE-552

▾

199Host *

200 ControlMaster auto

201 ControlPath ~/.ssh/sockets/%r@%h-%p← sensitive path — credential-exfiltration vector

202 ControlPersist 600

203```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 207CWE-552

▾

205Create socket directory:

206```bash

207mkdir -p ~/.ssh/sockets← sensitive path — credential-exfiltration vector

208```

209

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 219CWE-552

▾

217Scan and add host key:

218```bash

219ssh-keyscan hostname >> ~/.ssh/known_hosts← sensitive path — credential-exfiltration vector

220```

221

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

Scan another →Share

skillox.io/r/crawl-sjd3ipad655d33sd4hx96p2x