ssh host "echo $HOSTNAME"ssh host "echo \$HOSTNAME"or
ssh host 'echo $HOSTNAME'Bash expands all arguments that are not escaped/singlequoted. This means that the problematic code is identical to
ssh host "echo clienthostname"and will print out the client's hostname, not the server's hostname.
By escaping the $ in $HOSTNAME, it will be transmitted literally and evaluated on the server instead.
If you do want your string expanded on the client side, you can safely ignore this message.
Keep in mind that the expanded string will be evaluated again on the server side, so for arbitrary variables and command output, you may need to add a layer of escaping with e.g. printf %q.
ShellCheck is a static analysis tool for shell scripts. This page is part of its documentation.