The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill stores server connection details, including addresses, usernames, and passwords in plain text within a local JSON file (servers.json). This practice exposes sensitive credentials to any user or malicious process that can read the user's local application data directory.\n- [CREDENTIALS_UNSAFE]: The remote.sh script uses the sshpass -p option to pass the connection password. This method makes the password visible in the system's process table (e.g., visible via ps or top), allowing other local users to potentially capture the credentials.\n- [COMMAND_EXECUTION]: The setup.sh script utilizes sudo to acquire elevated privileges for installing the sshpass utility on Linux-based systems.\n- [COMMAND_EXECUTION]: The skill is designed to facilitate the execution of arbitrary shell commands on remote servers based on user instructions.\n- [COMMAND_EXECUTION]: The remote.sh and setup.sh scripts dynamically execute inline Python code blocks for state management and JSON processing.\n- [EXTERNAL_DOWNLOADS]: The setup scripts download and install the sshpass utility using standard system package managers such as apt, dnf, yum, brew, winget, and scoop.

remote