ATR-2026-00156highPrivilege Escalationdraft
SSH Remote Command Execution with Credential Exposure
Detects skills that provide SSH command templates with hardcoded credential paths and remote execution patterns. This skill exposes SSH private key paths in environment variables and provides ready-to-execute remote command templates that could be weaponized for lateral movement or unauthorized access to production servers.
Severity
high
Category
Privilege Escalation
Scan Target
mcp
Author
Threat Cloud LLM Analyzer
Response Actions
alertsnapshot
More Privilege Escalation Rules
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00107highPrivilege Escalation via Delayed Task Execution BypassATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code Injection