ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Terminal Session Replay

v1.0.0

Record and replay terminal sessions for debugging, documentation, or sharing procedures with teammates.

0· 257·0 current·0 all-time
byDerick@derick001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the tool wraps the standard 'script' family of utilities and provides record/replay/export/list/delete functionality. Declared required binaries (python3, script) make sense.
Instruction Scope
Runtime instructions and the Python code operate locally on ~/.terminal-sessions and call only local commands (script, scriptreplay, cat). Important privacy note: recording captures everything typed and displayed in the terminal (including secrets/passwords), which is expected for this purpose but should be highlighted to users.
Install Mechanism
Instruction-only skill with bundled Python script; there is no install spec that downloads external artifacts. No network fetches or archive extraction in the provided files.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The tool stores session files under the user's home directory (~/.terminal-sessions) which is proportional to its function.
Persistence & Privilege
The skill is not marked always:true, does not request elevated or cross-skill config changes, and only persists files in its own sessions directory.
Assessment
This skill appears to do what it claims: record and replay terminal sessions locally. Before installing or using it, consider the following: (1) recordings capture everything you type/see (including passwords and secrets) — avoid recording sensitive sessions or securely delete/encrypt recordings afterward; (2) session files are stored by default in ~/.terminal-sessions — check and restrict filesystem permissions and add that path to backups/.gitignore if needed; (3) the tool invokes the system 'script' and 'scriptreplay' binaries — ensure those are the expected system utilities (not maliciously replaced on your PATH); (4) you can review scripts/main.py (provided) and run the tool in a sandbox/container if you want to test in isolation; (5) no network exfiltration or external credentials are requested by the skill, but treat recordings as sensitive data and manage accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk975hfvzkjr9nxtp2w2myvwg2982qa1w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, script

Comments