Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tmux Remote
v1.0.0 · Automation skill for Tmux Remote.
by zhangzhifeng@164149043
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description and included scripts align with a tmux remote-control utility: send-keys, capture-pane, and session discovery. However, registry metadata showed no required binaries while SKILL.md metadata declares tmux as required — an inconsistency. The scripts legitimately need tmux, so the missing tmux declaration in the registry metadata is a mismatch but not by itself malicious.
Instruction Scope
SKILL.md and the scripts instruct only tmux-related operations (listing sessions, sending keys, capturing pane output). But the scripts will enumerate tmux sockets (including an --all mode that scans CLAWDBOT_TMUX_SOCKET_DIR) and capture pane contents. Capturing and printing pane text (especially wait-for-text.sh printing the last N lines on timeout) can expose sensitive terminal output (passwords, tokens, private data). Also, the scripts reference the CLAWDBOT_TMUX_SOCKET_DIR env var that is not declared in the skill metadata/requirements.
Install Mechanism
There is no install spec (instruction-only) and the package contains two small bash scripts. No network downloads or arbitrary code retrieval are performed. Risk from installation is low, but the included scripts will be present on disk and may be executed by the agent.
Credentials
No credentials are requested, which is appropriate, but the scripts implicitly use CLAWDBOT_TMUX_SOCKET_DIR (defaulting to /tmp/…); that environment variable is not declared in the skill's required env list. The ability to scan socket directories and target arbitrary tmux sockets is powerful and could be used to access other users' tmux sessions if socket paths are accessible. The skill should have declared this environment dependency and documented the security implications.
Persistence & Privilege
always is false and the skill does not request the ability to remain enabled universally or modify other skills. It does not request elevated platform privileges. Autonomous invocation is allowed by default but is not combined with other escalation indicators.
What to consider before installing
This skill is functionally a tmux remote-control helper and the included scripts appear legitimate, but it can enumerate tmux sockets and scrape terminal pane output — which can leak secrets. Before installing: 1) Verify you want an agent that can read tmux pane contents and possibly other users' sessions; 2) Confirm where CLAWDBOT_TMUX_SOCKET_DIR will point and ensure it does not contain sockets for other users/processes; 3) Ensure the agent runtime has restricted file permissions and does not run as a privileged user; 4) Review the two scripts (find-sessions.sh and wait-for-text.sh) yourself; 5) Prefer running this skill in a controlled environment (container or dedicated account) if you expect sensitive terminal data. The missing declaration of tmux as a required binary and the undeclared CLAWDBOT_TMUX_SOCKET_DIR env var are inconsistencies you may want the author to fix before trusting the skill.
Like a lobster shell, security has layers — review code before you run it.
