skills/essh/SKILL.md
Portable SSH profile manager for agents. Run remote commands on saved hosts by friendly name instead of typing user@host -i key every time. Type less crap around your SSH commands.
```bash
npx skillsauth add lirrensi/agent-cli-helpers essh
```
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Abstracts SSH so you type less crap around your commands.
The human sets up profiles (essh add ...). You just use them.
```bash
essh --help
```
If not installed:
```bash
uv tool install "git+https://github.com/lirrensi/agent-sommelier"
```
```bash
essh list --json
essh <name> <command>
```
That's it. No `-i key.pem`, no `user@host:22`. Just the name.
```bash
essh list --json
# → [{"name": "coral-fox", "user": "deploy", "host": "192.168.1.50", "port": 22, "key_path": ""}]
essh coral-fox "uname -a"
essh coral-fox "systemctl status nginx"
essh prod-web "tail -n 100 /var/log/app.log"
```
## Command Filters
The human may set up command filter rules to control what you can run on
each host. Filters use wildcard matching with three actions:
- **allow** — The command runs without any prompting.
- **ask** — The command is blocked until the human authorizes it (same
authorization flow as the connection itself).
- **deny** — The command is rejected immediately with an error message.
There is no way to bypass this.
### Checking if filters are defined
```bash
# Global filters (apply to all hosts)
essh filter list global
# Per-host filters (apply to a specific host)
essh filter list <name>
```
When you run `essh <name> "<command>"`, essh checks all filter rules (global first, then per-host) from top to bottom. The last matching rule wins.
If a **deny** rule matches: the command is rejected. You will see something like:
```
❌ BLOCKED: This command is blocked by a filter rule.
Command: rm -rf /etc
```
If an **ask** rule matches: in non-TTY mode, essh creates an authorization request showing the exact command. The human sees:
```
Pending request for 'prod-web':
Command: rm -rf /var/log
```
They must run `essh authorize <name>` for the command to proceed.
If an **allow** rule matches, or no rule matches: the command runs normally through the existing authorization gate.
Patterns follow the same wildcard rules as the opencode (anomalyco) permission system:
| Pattern | Matches | Doesn't match |
|---|---|---|
| `rm *` | `rm`, `rm -rf /` | `rmdir` |
| `shutdown *` | `shutdown`, `shutdown -h now` | (none: `shutdown` with no args matches too) |
| `git *` | `git`, `git status` | (none: matches anything starting with `git`) |
| `rm -rf *` | `rm -rf /`, `rm -rf .` | `rm -r` |

Key rule: a trailing ` *` in patterns like `rm *` makes the trailing space and arguments optional, so `rm *` matches both bare `rm` and `rm -rf /`.
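The evaluation order and wildcard rule described above, as an added Python sketch (not essh's own code): it assumes anchored whole-string matching as the table implies, and `wildcard_match`, `decide` and the sample rule lists are hypothetical names and constructed data.

```python
import re

def wildcard_match(pattern: str, command: str) -> bool:
    """Anchored wildcard match; a trailing " *" also matches the bare command."""
    optional_tail = pattern.endswith(" *")
    if optional_tail:
        pattern = pattern[:-2]
    # Escape regex metacharacters in the literal parts; each '*' becomes '.*'.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    if optional_tail:
        regex += r"( .*)?"
    return re.fullmatch(regex, command, flags=re.DOTALL) is not None

def decide(command, global_rules, host_rules=()):
    """Walk global rules, then per-host rules, top to bottom; last match wins."""
    action, matched = "allow", None  # no match: falls through to the normal gate
    for pattern, rule_action in [*global_rules, *host_rules]:
        if wildcard_match(pattern, command):
            action, matched = rule_action, pattern
    return action, matched

# Constructed sample rules (not taken from any real essh configuration).
GLOBAL_RULES = [("rm *", "ask"), ("rm -rf *", "deny"), ("systemctl *", "ask")]
PROD_WEB_RULES = [("systemctl status *", "allow")]
# Same two rm rules in the opposite order: the broad "ask" now shadows the deny.
MISORDERED = [("rm -rf *", "deny"), ("rm *", "ask")]

if __name__ == "__main__":
    for cmd in ["rm -rf /etc", "rm notes.txt", "rmdir old",
                "systemctl status nginx", "systemctl restart nginx"]:
        print(f"{cmd!r:28} -> {decide(cmd, GLOBAL_RULES, PROD_WEB_RULES)}")
    print("misordered:", decide("rm -rf /etc", MISORDERED))
```

Because the last matching rule wins, a narrow deny has to come after any broader rule that also matches the same command, otherwise the broader action takes effect.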
If you get blocked and think it's a mistake, tell the human:
```
The command "..." was blocked by a filter rule.
You may need to add an `--action allow` rule or adjust the pattern.
```