Wish Ssh Code Review

What it does

This skill, Wish SSH Code Review, automates checks for secure remote access configurations within Go code using the wish SSH server library. It identifies potential security vulnerabilities and suggests improvements based on a predefined checklist and critical pattern examples related to server setup, graceful shutdown, and BubbleTea handler configuration. The skill helps ensure best practices are followed when building SSH servers.

When to use it

• Reviewing Go code that utilizes the wish SSH server library.
• Ensuring secure host key management in SSH server implementations.
• Verifying correct middleware order for logging and authentication.
• Confirming graceful shutdown handling of active sessions.
• Auditing BubbleTea handler configurations for terminal applications.

Key capabilities

• Checks for secure host key loading and generation.
• Validates the correct order of middleware (logging first, auth early).
• Verifies implementation of graceful shutdown procedures.
• Confirms proper handling of PTY requests for terminal applications.
• Ensures connection limits are in place to prevent resource exhaustion.
• Checks for timeout middleware configuration to avoid hung connections.
• Validates BubbleTea middleware configuration.

Example prompts

• "Review this Go code snippet for SSH server setup vulnerabilities." (followed by the relevant code)
• "Check if this wish SSH server implementation handles graceful shutdown correctly."
• "Analyze this BubbleTea handler configuration for potential issues related to terminal sizing."

Tips & gotchas

• This skill is specifically designed for Go code using the wish SSH server library.
• The skill relies on a predefined checklist and critical pattern examples; it may not catch all possible vulnerabilities.
• Reviewing authentication and session state requires referencing the references/sessions.md document.