ssh-penetration-testing

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

Block access to git credentials, SSH keys, and repository tokens. If git operations are needed, use scoped deploy keys and restrict the tool to specific repositories.

Likely FP if the match is documentation about git configuration (e.g., setting up git credentials helper) rather than code that reads and transmits them.

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

Restrict the shell tool to specific allowlisted commands using a command prefix or regex filter. Avoid granting broad shell access in agent tool definitions.

Likely FP if the skill is a development environment tool where shell access is the intended and documented core feature.

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

Restrict the shell tool to specific allowlisted commands using a command prefix or regex filter. Avoid granting broad shell access in agent tool definitions.

Likely FP if the skill is a development environment tool where shell access is the intended and documented core feature.

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

Restrict the shell tool to specific allowlisted commands using a command prefix or regex filter. Avoid granting broad shell access in agent tool definitions.

Likely FP if the skill is a development environment tool where shell access is the intended and documented core feature.