termux-api
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

This Skill documentation is coherent: the capabilities (Termux:API commands) match the stated purpose (remote device control over SSH). There is no hidden or obfuscated malicious code in the provided text. However, the documented capabilities provide broad, sensitive access to a device (camera, mic, SMS, contacts, location, clipboard, and ability to send SMS or make calls). If SSH access is misconfigured, leaked, or compromised, an attacker could exfiltrate sensitive data or perform unwanted actions. Recommend enforcing SSH key-only authentication, limiting remote exposure of the SSH port, using restricted-shell/command whitelisting if possible, and informing users about the sensitive permissions and risks. Overall: benign in intent/documentation but high-risk in capability if misused.

LLM verification: This skill is a legitimate Termux:API SSH control guide. It contains no hidden malware, obfuscated code, or third-party exfiltration endpoints. However, it documents high-risk capabilities (camera, microphone, location, SMS, contacts, clipboard, phone calls) that — if SSH credentials or device permissions are mismanaged — enable full data access and remote actions on the device. The static scanner flag referencing ~/.ssh is expected and benign in context but points to a sensitive file. Treat acc