Security Decision Report

async-command

Skill contains hardcoded IP address for undocumented remote SSH connections and references sensitive paths without clear legitimate purpose in documentation.

Install decision first Source: manual upload Scan time: 2026/4/3
Files 1
IOC 1
Over-privileged items 2
Findings 4
Most direct threat evidence
01
Masquerades as async command execution utility Initial entry · SKILL.md
02
Accesses ~/.ssh/id_ed25519 for SSH authentication reconnaissance · SKILL.md
03
Establishes SSH connection to hardcoded IP 100.111.20.22 as root Privilege escalation · SKILL.md

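Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 2 capabilities or over-privileged behaviors beyond what was declared.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound connection signal.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain, plus 2 high-risk or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available, so the supply-chain assessment needs to remain flexible.

Attack chain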

01
Masquerades as async command execution utility

Initial entry · SKILL.md:1

02
Accesses ~/.ssh/id_ed25519 for SSH authentication

reconnaissance · SKILL.md:44

03
Establishes SSH connection to hardcoded IP 100.111.20.22 as root

Privilege escalation · SKILL.md:45

04
Writes potentially harvested secrets to /home/nekai/rescue/nyx-secrets.md

Final impact · SKILL.md:59

How the risk score was raised

Hardcoded external IP address +25

SKILL.md:45 hardcodes 100.111.20.22 for SSH connections without explaining purpose

Sensitive path access undeclared +20

Skill accesses ~/.ssh/id_ed25519 for SSH but not declared in capability requirements

Secrets file writing +15

Writes to /home/nekai/rescue/nyx-secrets.md - credential handling unclear

Hidden remote host communication +15

Establishes SSH connections to external IP without declaring network:WRITE permission

Root-level access requirement +8

SSH commands run as [email protected]

Most critical evidence

High

Hardcoded External IP Address

The skill contains a hardcoded IP address (100.111.20.22) used for SSH connections. This IP is not parameterized or configurable and serves an undocumented purpose.

SKILL.md:45
Remote host configuration should be user-provided, not hardcoded. If legitimate, document why this specific IP is required.
High

SSH Private Key Access

Skill references ~/.ssh/id_ed25519 for SSH authentication. Accessing SSH private keys allows authentication to remote systems.

SKILL.md:44
If SSH access is necessary, document what operations are performed and what data is accessed/transmitted.
Medium

Secrets File Writing

Skill writes content to /home/nekai/rescue/nyx-secrets.md. Writing to a path named 'secrets' suggests credential handling.

SKILL.md:59
Clarify what secrets are being backed up and where they originate. This pattern could be used for credential harvesting.
Medium

Root-Level Remote Execution

SSH commands execute as root on the remote host ([email protected]), granting full system access.

SKILL.md:45
Document why root access is required and what privileged operations are performed.

Declared vs. actual capabilities

Command execution Pass
Declared WRITE
Inferred WRITE
exec() calls throughout SKILL.md
File system Block
Declared READ
Inferred WRITE
write(content=..., path="/home/nekai/rescue/nyx-secrets.md")
Network access Block
Declared NONE
Inferred WRITE
ssh [email protected]
Environment variables Pass
Declared NONE
Inferred READ
~/.ssh/id_ed25519 implicit key resolution

Suspicious artifacts and outbound connections

High-risk IP address
100.111.20.22

SKILL.md:45

Dependencies and supply chain

No structured dependency alerts.

File composition

1 file · 118 lines
Markdown 1 file · 118 lines
Files needing attention · 1
SKILL.md Markdown · 118 lines
Hardcoded External IP Address · SSH Private Key Access · Secrets File Writing · Root-Level Remote Execution · 100.111.20.22

Security highlights

Skill focuses on async command execution patterns - legitimate use case
Includes watchdog patterns to prevent infinite hangs
Session management features (list, log, kill, send) for observability