Terminal
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed local terminal helper that can run powerful shell commands and store local command history, so it appears purpose-aligned but should be used carefully.
Install this only if you want an agent-assisted local terminal workflow. Treat every proposed command like a command you typed yourself: preview it first, confirm destructive actions explicitly, and use the history privacy flags for sensitive work.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A command run through this skill can read or change local files, start processes, or invoke network-capable tools with the current user's permissions.
The script executes a supplied shell command in a local working directory. That is central to the terminal-copilot purpose and is disclosed, but it gives the skill broad local execution capability.
completed = subprocess.run(
args.command,
shell=True,
cwd=args.cwd,
text=True,
capture_output=True
)Use preview mode before execution, inspect each command carefully, and only pass `--yes` for high-risk commands after confirming the impact.
Sensitive command results could remain in local history if a command prints secrets, private file contents, or personal data.
Command, working directory, status, and truncated stdout/stderr are written to local history. The code redacts some sensitive patterns and supports not storing output, but command output may still contain private information.
"command": safe_command,
"cwd": os.path.abspath(cwd),
"risk": risk,
"status": status,
"returncode": returncode,
"stdout": safe_stdout[-4000:],
"stderr": safe_stderr[-4000:]Use `--no-store-output` for sensitive commands, use `--redact-display` when showing output, and review or clear the local history when needed.