ssh-essentials

clawhub:ssh-essentials

Score: B, 76/100
First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 4 (MEDIUM 3, LOW 1)
Findings (4)

MEDIUM
Read sensitive files and transmit externally
L75

Detects skills that both read sensitive credential files and send data to external services

cat ~/.ssh + Forward local port to remote

FIX: Block access to git credentials, SSH keys, and repository tokens. If git operations are needed, use scoped deploy keys and restrict the tool to specific repositories.

FP? Likely FP if the match is documentation about git configuration (e.g., setting up git credentials helper) rather than code that reads and transmits them.

MEDIUM
File read piped to HTTP transmission
L75

Detects reading files piped directly to network commands

cat ~/.ssh/id_rsa.pub |

FIX: Restrict file uploads to user-initiated actions with explicit confirmation. Block programmatic upload of sensitive files (keys, configs, credentials) to external services.

FP? Likely FP if the skill is a file-sharing tool where uploading is the documented core feature and destinations are user-configured.

MEDIUM
Sensitive file read pattern
L75

Detects reads of sensitive system or credential files

cat ~/.ssh

FIX: Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

FP? Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

LOW
SSH private key in command
L26

Detects SSH or SCP commands referencing private key files

ssh -i ~/.ssh/id_rsa

FIX: Remove the SSH private key path from command-line arguments. Use SSH agent forwarding or an SSH config file (~/.ssh/config) with restricted key file permissions (chmod 600).

FP? Likely FP if the command references a well-known default key path (e.g., ~/.ssh/id_rsa) in documentation about SSH configuration, without exposing key contents.