ssh-tunnel

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

Restrict file uploads to user-initiated actions with explicit confirmation. Block programmatic upload of sensitive files (keys, configs, credentials) to external services.

Likely FP if the skill is a file-sharing tool where uploading is the documented core feature and destinations are user-configured.

Block access to git credentials, SSH keys, and repository tokens. If git operations are needed, use scoped deploy keys and restrict the tool to specific repositories.

Likely FP if the match is documentation about git configuration (e.g., setting up git credentials helper) rather than code that reads and transmits them.

Remove the SSH private key path from command-line arguments. Use SSH agent forwarding or an SSH config file (~/.ssh/config) with restricted key file permissions (chmod 600).

Likely FP if the command references a well-known default key path (e.g., ~/.ssh/id_rsa) in documentation about SSH configuration, without exposing key contents.

Remove the SSH private key path from command-line arguments. Use SSH agent forwarding or an SSH config file (~/.ssh/config) with restricted key file permissions (chmod 600).

Likely FP if the command references a well-known default key path (e.g., ~/.ssh/id_rsa) in documentation about SSH configuration, without exposing key contents.