SSH Penetration Testing
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains numerous examples that embed secrets verbatim (literal passwords in code, an SSH public key string added to authorized_keys, curl commands to fetch id_rsa, and commands that print username:password), so an LLM following it would be instructed to handle and output secret values directly.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These URLs are highly suspicious because they expose private SSH keys and an archive of SSH keys over HTTP (e.g., /.ssh/id_rsa, id_rsa, backup/ssh_keys.tar.gz) on an external host — a critical credential exposure that can enable unauthorized access or distribution of malicious access artifacts (localhost:8080 is a local service reference and not a safe external download).
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill content is high-risk: it contains explicit, actionable instructions for SSH credential brute-forcing and enumeration, key theft checks, tunneling/pivoting, reverse shell callbacks, and instructions to add persistent authorized_keys entries—techniques that enable unauthorized access, backdoors, and post-exploitation compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching arbitrary web-hosted files (e.g., "curl -s http://target.com/.ssh/id_rsa" and similar curl/wget checks) so the agent would retrieve and interpret untrusted public web content from target URLs.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, actionable instructions to modify system files and persist access (for example appending to /etc/proxychains.conf and adding keys to ~/.ssh/authorized_keys), perform post-exploitation and reverse shells, and run brute-force/exploit workflows that can change the machine's state and require elevated privileges.