Scan Report
10 /100
ssh-handoff
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Use for SSH handoff, sudo handoff, browser-opened temporary terminal access, or LAN-restricted terminal sharing backed by tmux.
A legitimate terminal handoff skill using tmux + ttyd for human/agent shared sessions. All shell execution, process management, and network features are fully declared and directly serve the stated purpose. The hardcoded TEST-NET IPs (192.0.2.x) are documented-only placeholders. No credential harvesting, exfiltration, or obfuscation found.
Safe to install
Skill is safe to use. The only actionable improvement is to clarify that the hardcoded 192.0.2.x addresses in SKILL.md are documentation-only TEST-NET placeholders (already evident from context, but explicit labeling would eliminate ambiguity).
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Hardcoded RFC 5737 TEST-NET IP addresses in SKILL.md | SKILL.md:122 |
| Low | Node.js runs with full environment variables | scripts/start-url-token-web-terminal.sh:266 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares tmux/ttyd/node/bash usage; all shell invocations in scripts ar… |
| Filesystem | READ | WRITE | ✓ Aligned | mktemp, state files, metadata files, cleanup scripts — all scoped to /tmp/ssh-ha… |
| Network | READ | WRITE | ✓ Aligned | SKILL.md guardrails document LAN browser-terminal modes; all network use is for … |
| Environment | NONE | READ | ✓ Aligned | Reads HOST, PORT, CLIENT_IP, TTL_MINUTES, etc. from environment — only for confi… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No direct browser automation; ttyd serves a web terminal but is a declared confi… |
| Database | NONE | NONE | — | No database access |
2 High 4 findings
High IP Address 硬编码 IP 地址
192.0.2.10 SKILL.md:122 High IP Address 硬编码 IP 地址
192.0.2.20 SKILL.md:122 Medium External URL 外部 URL
https://$EXPECTED_HOST scripts/start-url-token-web-terminal.sh:229 Medium External URL 外部 URL
http://$EXPECTED_HOST scripts/start-url-token-web-terminal.sh:231 File Tree
9 files · 41.5 KB · 1376 lines Markdown 5f · 555L
Shell 3f · 484L
JavaScript 1f · 337L
├─
▾
references
│ ├─
design-notes.md
Markdown
│ ├─
examples.md
Markdown
│ └─
lan-restricted.md
Markdown
├─
▾
scripts
│ ├─
start-local-web-terminal.sh
Shell
│ ├─
start-url-token-web-terminal.sh
⚠
Shell
│ ├─
stop-local-web-terminal.sh
Shell
│ └─
url-token-proxy.js
⚠
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Comprehensive guardrails documented in SKILL.md: no public tunnels, no external channels, no credential pasting in chat
✓ TTL-based automatic cleanup of all temporary processes and files
✓ One-shot token pattern prevents URL replay attacks
✓ Strict Host header and Origin checks in the proxy prevent request smuggling
✓ IP allowlisting for LAN mode restricts access to a single trusted client IP
✓ FORBID_REUSE_IF_AUTHENTICATED prevents accidental re-exposure of already-authenticated sessions
✓ Port conflict detection prevents the launcher from killing existing processes silently
✓ No credential harvesting: secrets.token_urlsafe() generates only ephemeral one-shot tokens
✓ No external network connections: ttyd backend binds to localhost, proxy binds to configured HOST
✓ No obfuscation techniques (base64, eval, atob) anywhere in the codebase
✓ Source is readable and auditable; no minified or obfuscated code
✓ Well-structured references (design-notes.md, examples.md, lan-restricted.md) clarify security rationale