High-risk tools in Claude Ssh
4 of the 9 tools in Claude Ssh are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
ssh_connectExecuteConnect to a remote server via SSH. Provide full details for a new server (it will be saved for next time), or just the sessionName to reconnect to a previously saved server.
-
ssh_disconnectExecuteClose an active SSH session.
-
ssh_executeExecuteExecute a command on a connected remote server.
-
ssh_transferExecuteTransfer a file between two connected remote servers (source → destination) via SFTP.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.