ss-cli
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The
ss-cli runcommand is designed to execute arbitrary shell commands (e.g.,docker-compose up) with secrets injected as environment variables. This capability could be exploited if an attacker can influence the command or its arguments. - [CREDENTIALS_UNSAFE]: Although the documentation advises against it, the provided examples demonstrate passing sensitive values directly on the command line (e.g.,
ss-cli update <id> --field password=<new-value>). This practice makes credentials visible in system process listings and command history. - [COMMAND_EXECUTION]: The skill provides patterns for remote deployment that involve piping sensitive configuration data to
sshand executing commands withsudoon remote hosts. This combination increases the impact of any command injection or unauthorized access.
Audit Metadata