Tmux
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent tmux controller, but it explicitly recommends running autonomous coding agents with permissions disabled or full-auto in detached sessions.
Review this skill carefully before installing. The tmux helper itself is simple, but avoid letting it launch coding agents with permission checks disabled unless you are working in a disposable or isolated project and are actively monitoring the session.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding agent could make broad project or system changes with fewer approval prompts than the user expects.
The skill explicitly recommends launching coding agents with permission checks disabled or full-auto behavior, which can allow high-impact local code and command execution without normal confirmations.
tmux send-keys -t "$SESSION" 'claude --dangerously-skip-permissions' Enter ... tmux send-keys -t oc-project-fix2 'codex --full-auto' Enter ... Codex needs `--yolo` or `--full-auto` for non-interactive fixes
Do not use `--dangerously-skip-permissions`, `--full-auto`, or `--yolo` by default. Require explicit user approval, run in isolated worktrees or containers, and keep normal permission prompts enabled unless the user knowingly opts in.
Background agents may keep acting on files or projects after the user stops watching the conversation.
The documented workflow creates detached background sessions for multiple coding agents and monitors them asynchronously, so work may continue after the initial interaction.
tmux excels at running multiple coding agents in parallel: ... tmux new-session -d -s oc-project-fix1 ... # Launch agents ... # Poll for completion
Only start detached agent sessions with explicit user consent, announce how to monitor them, scope them to isolated directories, and confirm cleanup with `tmux kill-session` when finished.