most pentesters worth their salt would never do mass exploitation of vulnerable systems, there is little upside doing that and you never know what side effects you will trigger.

This project is fine for the author's self-improvement on how SSH is implemented, but personally I advise against using it in a production environment.

If you don't use it, someone running some random bit of "curl|bash" will

If you just connect to the hosts, I think it's unlikely to hit any serious side effect. And this can be discussed beforehand with the client anyway.