Files
Nexus/.skills/nexus-ssh-safety/SKILL.md
T
2026-07-08 22:31:31 +08:00

1.5 KiB

name, description
name description
nexus-ssh-safety Use when reviewing or editing Nexus code that executes commands on managed servers over SSH, including file manager, transfer, archive, agent install, and BT panel bootstrap flows.

Nexus SSH Safety

Use for any Nexus feature that builds shell commands or transfers files over SSH.

Command construction rules

  • Prefer argument arrays/local library APIs when available; otherwise quote every dynamic shell token with shlex.quote.
  • Insert -- before filename/path operands for commands that parse options: m, mv, cp, ar, zip, chmod, chown, etc.
  • Never concatenate unquoted user input into shell command strings.
  • Keep timeouts explicit for network/SSH work; avoid unbounded commands.
  • Truncate or sanitize command output before returning it to API clients.
  • Do not log secrets or full credential-bearing URLs.

Path and archive rules

  • Normalize paths with POSIX semantics for remote Linux paths.
  • Reject empty paths where dangerous, root/system paths for recursive destructive operations, and traversal where the feature expects a bounded directory.
  • Archive creation must protect member names beginning with -.
  • Archive extraction must validate member names and types before extraction.
  • Temporary files/directories must be unique and cleaned best-effort.

script_service exception

script_service intentionally lets administrators run arbitrary shell. Treat it as a privileged admin feature, not an injection bug. Still check admin auth, audit logs, timeout, output size, and secret redaction.