Skill Trust Decision

async-command

Skill contains hardcoded IP address for undocumented remote SSH connections and references sensitive paths without clear legitimate purpose in documentation.

Source: Manual upload · Scanned: Apr 3, 2026
Files 1
Artifacts 1
Violations 2
Findings 4
Most direct threat evidence
01
Masquerades as async command execution utility
Entry · SKILL.md

02
Accesses ~/.ssh/id_ed25519 for SSH authentication
Reconnaissance · SKILL.md

03
Establishes SSH connection to hardcoded IP 100.111.20.22 as root
Escalation · SKILL.md

Why this conclusion was reached

3/4 dimensions flagged

Declared vs actual capability: Block
2 undeclared or violating capabilities were inferred.

Hidden execution and egress: Block
1 high-risk artifacts or egress signals were extracted.

Attack chain and severe findings: Block
The report includes 4 attack-chain steps and 2 severe findings.

Dependencies and supply chain hygiene: Review
Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Masquerades as async command execution utility

Entry · SKILL.md:1

02
Accesses ~/.ssh/id_ed25519 for SSH authentication

Reconnaissance · SKILL.md:44

03
Establishes SSH connection to hardcoded IP 100.111.20.22 as root

Escalation · SKILL.md:45

04
Writes potentially harvested secrets to /home/nekai/rescue/nyx-secrets.md

Impact · SKILL.md:59

What drove the risk score up

Hardcoded external IP address +25

SKILL.md:45 hardcodes 100.111.20.22 for SSH connections without explaining purpose

Sensitive path access undeclared +20

Skill accesses ~/.ssh/id_ed25519 for SSH but not declared in capability requirements

Secrets file writing +15

Writes to /home/nekai/rescue/nyx-secrets.md - credential handling unclear

Hidden remote host communication +15

Establishes SSH connections to external IP without declaring network:WRITE permission

Root-level access requirement +8

SSH commands run as root@100.111.20.22

Most important evidence

High

Hardcoded External IP Address

The skill contains a hardcoded IP address (100.111.20.22) used for SSH connections. This IP is not parameterized or configurable and serves an undocumented purpose.

SKILL.md:45
Remote host configuration should be user-provided, not hardcoded. If legitimate, document why this specific IP is required.

High

SSH Private Key Access

Skill references ~/.ssh/id_ed25519 for SSH authentication. Accessing SSH private keys allows authentication to remote systems.

SKILL.md:44
If SSH access is necessary, document what operations are performed and what data is accessed/transmitted.

Medium

Secrets File Writing

Skill writes content to /home/nekai/rescue/nyx-secrets.md. Writing to a path named 'secrets' suggests credential handling.

SKILL.md:59
Clarify what secrets are being backed up and where they originate. This pattern could be used for credential harvesting.

Medium

Root-Level Remote Execution

SSH commands execute as root on the remote host (root@100.111.20.22), granting full system access.

SKILL.md:45
Document why root access is required and what privileged operations are performed.

Declared capability vs actual capability

Shell · Pass
Declared: WRITE
Inferred: WRITE
Evidence: exec() calls throughout SKILL.md

Filesystem · Block
Declared: READ
Inferred: WRITE
Evidence: write(content=..., path="/home/nekai/rescue/nyx-secrets.md")

Network · Block
Declared: NONE
Inferred: WRITE
Evidence: ssh root@100.111.20.22

Environment · Pass
Declared: NONE
Inferred: READ
Evidence: ~/.ssh/id_ed25519 implicit key resolution

Suspicious artifacts and egress

High IP Address
100.111.20.22

SKILL.md:45

Dependencies and supply chain

There are no structured dependency warnings.

File composition

1 file · 118 lines
Markdown 1 file · 118 lines
Files of concern · 1
SKILL.md Markdown · 118 lines
Hardcoded External IP Address · SSH Private Key Access · Secrets File Writing · Root-Level Remote Execution · 100.111.20.22

Security positives

Skill focuses on async command execution patterns - legitimate use case
Includes watchdog patterns to prevent infinite hangs
Session management features (list, log, kill, send) for observability