ClawHub

Cmux

v1.0.0

Control cmux terminal multiplexer via its Unix socket API. Use when needing to: (1) List, create, select, or close workspaces; (2) Split panes and manage sur...

1· 180·1 current·1 all-time
byWangJie@cnwangjie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions in SKILL.md and the included Python helper: all operations target the cmux Unix socket (/tmp/cmux.sock) or the cmux CLI. No unrelated binaries, services, or credentials are required.
Instruction Scope
Instructions are narrowly scoped to sending JSON-RPC to the cmux socket or calling the cmux CLI. Be aware that the skill explicitly lets the agent send arbitrary text and key presses to terminal surfaces (i.e., it can inject commands into shells). This is expected for a terminal multiplexer controller but is powerful—use caution with untrusted inputs or autonomous agent actions.
Install Mechanism
No install spec — instruction-only plus a small helper script. Nothing is downloaded or written by an installer, and the included Python code is straightforward and matches the documented behavior.
Credentials
No required environment variables or credentials beyond an optional CMUX_SOCKET_PATH (default /tmp/cmux.sock). The env var is appropriate for the stated purpose and nothing else is accessed.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system config. However, it permits the agent to send input to local terminal sessions; since model invocation is allowed (the platform default), consider whether you want the agent to be able to autonomously send commands to terminals without explicit user confirmation.
Assessment
This skill is coherent and does what it claims: it connects to a local cmux Unix socket or invokes the cmux CLI to list workspaces, split panes, and send text/keys. Important considerations before installing: (1) This gives the agent the ability to inject keystrokes and text into terminal sessions—treat that as equivalent to the ability to run shell commands in those terminals. (2) Only install on machines and accounts you trust; ensure the cmux socket has appropriate filesystem permissions and that CMUX_SOCKET_PATH points to the intended socket. (3) If you want to prevent accidental command execution, require manual confirmation before the agent issues surface.send_text or send_key calls, or disable autonomous invocation for this skill. (4) Review the small included script (scripts/cmux_client.py) if you have local security policies — it simply wraps the socket JSON-RPC calls described in SKILL.md.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qg6vc69akgekxt9jqepw5n82t2p6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments