SSH Penetration Testing

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] URL pointing to executable file detected

All findings:
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is an explicit, actionable SSH penetration-testing playbook. It is internally consistent with its stated purpose (the capabilities align with SSH pentesting), but it contains numerous high-risk, offensive operations (credential brute-force, searching for and using private keys, writing persistent public keys to remote authorized_keys, tunneling for pivoting, and evasion techniques). While legitimate for authorized pentesting, the content is easily repurposable for unauthorized attacks. Because it contains persistence/backdoor guidance and credential-harvesting steps and lacks technical safeguards, it should be treated as high-risk and distributed only with strict authorization controls and explicit legal/safety checks.

LLM verification: This skill is an explicit SSH penetration-testing guide that contains high-risk offensive techniques: credential harvesting examples, brute-force workflows, and reverse forwarding (callback) patterns. The capabilities are consistent with the stated purpose, but they enable actions that can be malicious if used without authorization. There is no evidence of hidden or obfuscated malware in the provided text, but the instructions pose a substantial security risk if executed by an agent without stri

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 10:21 AM
Package URL: pkg:socket/skills-sh/jpropato%2Fsiba%2Fssh-penetration-testing%2F@e1afc073a809ab3a288c62465a959b09bc236461