Tmux Remote Control
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its tmux-control purpose, but it encourages launching coding agents with permission-bypassing or full-auto modes that can act on your files without normal confirmations.
Install only if you intentionally want OpenClaw to control tmux sessions. Avoid the `--dangerously-skip-permissions`, `--full-auto`, and `--yolo` examples unless you explicitly accept the risk; restrict targets to dedicated `oc-*` sessions, use separate worktrees, monitor running sessions, and avoid scraping panes that contain secrets.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A spawned coding agent could run commands or edit project files without the normal permission prompts or review steps.
The skill makes permission-bypassing and full-auto coding-agent modes part of its normal tmux workflow examples, not merely a neutral option listing.
tmux send-keys -t "$SESSION" 'claude --dangerously-skip-permissions' Enter ... Codex needs `--yolo` or `--full-auto` for non-interactive fixes
Do not use the dangerous/full-auto flags by default; require explicit user confirmation, use scoped worktrees, and prefer safer interactive approval modes.
If misused, the agent could read from or type into an existing tmux pane rather than only an OpenClaw-created session.
The skill intentionally uses the user's default tmux server and can enumerate panes; although disclosed and purpose-aligned, this is broader than an isolated OpenClaw-only tmux socket.
**Always use the default tmux server.** Do NOT use `-S` custom sockets. ... `tmux list-panes -a`
Limit use to clearly named `oc-*` sessions unless the user explicitly asks to control another tmux session.
Sensitive terminal output could be exposed to the agent context, and untrusted text shown in a pane could influence later actions.
Pane output is scraped into the agent's context; this is central to the skill, but terminal history can contain secrets, private data, or untrusted instructions.
Capture recent history: `tmux capture-pane -p -J -t target -S -200`.
Use this only on panes you expect the agent to read, avoid panes containing secrets, and treat captured output as untrusted evidence.
Background sessions may keep using resources or changing files after the user stops watching.
The workflow creates detached sessions and launches coding agents that can continue running until explicitly killed; cleanup is documented.
tmux new-session -d -s oc-project-fix1 ... # Launch agents ... # Kill all OpenClaw sessions
Monitor active `oc-*` sessions and kill them when finished; require confirmation before starting long-running or parallel agent sessions.