Skill v1.0.0
ClawScan security
Tmux · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 8:42 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, included script, and runtime instructions are coherent with its stated purpose of controlling tmux sessions; it does not request unrelated credentials or install arbitrary software.
- Guidance: This skill appears internally consistent and does what it says: orchestrate and scrape tmux panes. Before installing, consider:
  - The skill uses the default tmux server and an 'oc-' naming convention; if you already run tmux sessions, the skill could accidentally target or kill sessions with conflicting names. Prefer running in a dedicated socket or separate user if you need isolation.
  - The skill drives arbitrary CLI processes inside tmux — do not run untrusted binaries via these sessions. Examples in the docs (like --dangerously-skip-permissions, --yolo, or --full-auto) are risky flags for real agent binaries; avoid using them unless you understand the implications.
  - The included wait-for-text.sh polls panes and can block until timeouts; review timeout settings to avoid long-running hangs.
  - If you need stronger containment, run tmux under a dedicated user, dedicated container, or use a custom socket (contrary to the skill's default recommendation) to avoid interacting with your interactive desktop/server tmux sessions.

  If you are comfortable with these caveats, the skill is coherent with its purpose.
Review Dimensions
- Purpose & Capability (ok): The skill only requires the tmux binary and its instructions and script exclusively use tmux commands (new-session, send-keys, capture-pane, kill-session). The included wait-for-text.sh polls tmux panes for text; this is directly aligned with 'remote-control tmux sessions'.
- Instruction Scope (note): Instructions explicitly tell the agent to start and drive interactive programs inside tmux and to scrape pane output. This is expected for the stated purpose, but it means the skill will cause arbitrary commands to run inside user sessions (examples include launching 'claude'/'codex' with flags that bypass permissions). Also the guidance to always use the default tmux server means the skill will operate on the user's primary tmux server and could interact with or affect other user sessions if names collide.
- Install Mechanism (ok): No install spec; this is instruction-only plus a small included Bash helper script. Nothing is downloaded or written to disk beyond the provided script, so installation risk is low.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The SKILL.md examples reference running external agent binaries but do not request secret tokens from the environment.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent elevated privileges or modify other skills. It uses the default tmux server by design, which is a functional decision rather than a privilege escalation.
