Tmux Remote

Security checks across malware telemetry and agentic risk

Overview

This tmux skill appears to do what it says, but it can let an agent control live terminal sessions and expose terminal contents, so it belongs in Review.

Install only if you intentionally want an agent to read and control tmux sessions. Prefer a dedicated low-risk tmux session or socket, avoid panes that show secrets or production access, and confirm the target before sending Enter, killing panes, or reading large pane histories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This markdown file describes remote-controlling interactive CLIs by sending keystrokes and scraping pane output, which can expose sensitive terminal contents and execute commands in existing sessions. The document provides usage instructions but does not include any user-facing warning about reading potentially sensitive data from panes or affecting live tmux sessions.

VirusTotal

37/37 vendors flagged this skill as clean.

View on VirusTotal