扫描报告
10 /100
ssh-handoff
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Use for SSH handoff, sudo handoff, browser-opened temporary terminal access, or LAN-restricted terminal sharing backed by tmux.
A legitimate terminal handoff skill using tmux + ttyd for human/agent shared sessions. All shell execution, process management, and network features are fully declared and directly serve the stated purpose. The hardcoded TEST-NET IPs (192.0.2.x) are documented-only placeholders. No credential harvesting, exfiltration, or obfuscation found.
可以安装
Skill is safe to use. The only actionable improvement is to clarify that the hardcoded 192.0.2.x addresses in SKILL.md are documentation-only TEST-NET placeholders (already evident from context, but explicit labeling would eliminate ambiguity).
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Hardcoded RFC 5737 TEST-NET IP addresses in SKILL.md | SKILL.md:122 |
| 低危 | Node.js runs with full environment variables | scripts/start-url-token-web-terminal.sh:266 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares tmux/ttyd/node/bash usage; all shell invocations in scripts ar… |
| 文件系统 | READ | WRITE | ✓ 一致 | mktemp, state files, metadata files, cleanup scripts — all scoped to /tmp/ssh-ha… |
| 网络访问 | READ | WRITE | ✓ 一致 | SKILL.md guardrails document LAN browser-terminal modes; all network use is for … |
| 环境变量 | NONE | READ | ✓ 一致 | Reads HOST, PORT, CLIENT_IP, TTL_MINUTES, etc. from environment — only for confi… |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No direct browser automation; ttyd serves a web terminal but is a declared confi… |
| 数据库 | NONE | NONE | — | No database access |
2 高危 4 项发现
高危 IP 地址 硬编码 IP 地址
192.0.2.10 SKILL.md:122 高危 IP 地址 硬编码 IP 地址
192.0.2.20 SKILL.md:122 中危 外部 URL 外部 URL
https://$EXPECTED_HOST scripts/start-url-token-web-terminal.sh:229 中危 外部 URL 外部 URL
http://$EXPECTED_HOST scripts/start-url-token-web-terminal.sh:231 目录结构
9 文件 · 41.5 KB · 1376 行 Markdown 5f · 555L
Shell 3f · 484L
JavaScript 1f · 337L
├─
▾
references
│ ├─
design-notes.md
Markdown
│ ├─
examples.md
Markdown
│ └─
lan-restricted.md
Markdown
├─
▾
scripts
│ ├─
start-local-web-terminal.sh
Shell
│ ├─
start-url-token-web-terminal.sh
⚠
Shell
│ ├─
stop-local-web-terminal.sh
Shell
│ └─
url-token-proxy.js
⚠
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ Comprehensive guardrails documented in SKILL.md: no public tunnels, no external channels, no credential pasting in chat
✓ TTL-based automatic cleanup of all temporary processes and files
✓ One-shot token pattern prevents URL replay attacks
✓ Strict Host header and Origin checks in the proxy prevent request smuggling
✓ IP allowlisting for LAN mode restricts access to a single trusted client IP
✓ FORBID_REUSE_IF_AUTHENTICATED prevents accidental re-exposure of already-authenticated sessions
✓ Port conflict detection prevents the launcher from killing existing processes silently
✓ No credential harvesting: secrets.token_urlsafe() generates only ephemeral one-shot tokens
✓ No external network connections: ttyd backend binds to localhost, proxy binds to configured HOST
✓ No obfuscation techniques (base64, eval, atob) anywhere in the codebase
✓ Source is readable and auditable; no minified or obfuscated code
✓ Well-structured references (design-notes.md, examples.md, lan-restricted.md) clarify security rationale