Skills
skills/spm1001/claude-suite/server-checkup/Gen Agent Trust Hub

server-checkup

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [Privilege Escalation] (HIGH): The skill provides instructions to configure passwordless sudo access, which bypasses a critical security layer. \n
  • Evidence: File references/ssh-hardening.md contains the command echo "<user> ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/010_<user>-nopasswd.\n- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill references untrusted external documentation to drive terminal configuration changes on the remote host. \n
  • Evidence: File references/terminal-compat.md links to https://ghostty.org/docs/help/terminfo and suggests executing infocmp and tic on derived content.\n- [Dynamic Execution] (MEDIUM): The skill documentation describes an autonomous mode that manages child processes for parallel system auditing. \n
  • Evidence: README.md describes an 'Auto mode' that 'spawns subagents for parallel execution'.\n- [Command Execution] (MEDIUM): The skill performs broad and high-impact system modifications including disabling services and altering authentication configs. \n
  • Evidence: Multiple files contain sudo systemctl commands and direct modification of /etc/ssh/sshd_config.d/ and /etc/apt/ configs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 03:24 PM