ClawHub

Tmux

Security checks across malware telemetry and agentic risk

Overview

This tmux skill does what it says, but it also normalizes running coding agents in unattended, permission-bypassing modes without enough warning.

Install only if you intentionally want an agent to control tmux sessions. Avoid the permission-bypassing and full-auto examples unless you want unattended code and shell changes, use isolated worktrees or disposable projects, avoid capturing panes that may contain secrets, and list `oc-*` sessions before running bulk cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill's quickstart explicitly launches a coding agent with `--dangerously-skip-permissions`, which goes beyond tmux session management and normalizes bypassing safety checks. In the context of a remote-control skill that can send arbitrary keystrokes into interactive sessions, this materially increases the chance of unintended autonomous system changes without user awareness or approval.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The orchestration section instructs users to run `claude --dangerously-skip-permissions` and `codex --full-auto`, embedding high-autonomy agent execution into a skill whose stated purpose is tmux control. Because the skill also teaches sending prompts and polling for completion, it effectively provides a workflow for unattended multi-agent execution with elevated privileges, amplifying the risk of unsafe code execution or destructive workspace changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation tells users to start an agent with a permission-bypassing flag but does not disclose that this grants the agent broad authority to act without normal approval prompts. In a remote-control tmux workflow, this omission is dangerous because users may treat the example as routine session setup rather than a high-risk automation mode that can change code, execute shell commands, or access sensitive project data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill description and examples promote scraping pane output via `tmux capture-pane` without warning that terminal history may contain secrets, prompts, tokens, environment variables, or other sensitive user data. Since this skill is specifically designed to capture and relay interactive session output, the risk is contextually heightened rather than incidental.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal