ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Taizi Claw Shell

Runs shell commands inside a dedicated tmux session named 'claw', returning command output and prompting before destructive commands.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 25 · 1 current installs · 1 all-time installs
by@fresh3
fork of @imaginelogo/claw-shell (based on 1.0.0)
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md and handler implement a tmux-backed shell, which is coherent, but the registry metadata lists no required binaries even though tmux is essential. The skill therefore underdeclares its footprint (tmux must be present).
!
Instruction Scope
SKILL.md promises to run commands only inside session 'claw' and to prompt before destructive commands. The handler largely follows that, but it uses execSync to invoke shell commands that incorporate the user-supplied command string. Because the code only escapes double quotes, shell metacharacters (e.g., $(...), `...`, $VAR, ;, &, |) can be interpreted by the invoking shell before tmux is called, meaning input can be executed on the host outside the tmux pane. The 'ask first' behavior is implemented only by returning an error token, not by enforcing an interactive confirmation.
Install Mechanism
Instruction-only with a small handler.js and no install spec — nothing is downloaded or written during installation. This is low install risk, but the skill still requires tmux at runtime (not declared).
Credentials
No environment variables, credentials, or config paths are requested; that is proportionate to the described purpose.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or system config. Normal autonomous invocation is allowed by platform defaults.
What to consider before installing
This skill runs arbitrary shell commands and returns their output. Before installing, consider: 1) The skill requires tmux but does not declare it — ensure tmux is available and you accept that requirement. 2) The implementation uses node's execSync with the user command interpolated into a shell command; this can cause the host shell to evaluate parts of the input before tmux receives it (e.g., $(cmd), backticks, environment expansions, or other metacharacters), enabling unexpected or destructive host-side execution. 3) The 'dangerous command' check is basic and can be bypassed; the code only returns an error code that your agent must interpret rather than enforcing confirmation. Recommendations: only install if you trust the agent and users of the skill; ask the developer to (a) declare tmux in metadata, (b) avoid execSync with a shell (use spawn with argv or pass arguments to tmux directly to avoid shell expansion), and (c) implement an explicit confirmation step or server-side gating for destructive commands. If you cannot get these fixes, treat the skill as unsafe for untrusted input or production use.
handler.js:5
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97bs96vfad0vx3981anb238sx831jk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

claw-shell

ALWAYS USES TMUX SESSION claw.

PURPOSE

  • RUN SHELL COMMANDS INSIDE TMUX SESSION claw
  • NEVER TOUCH ANY OTHER SESSION
  • READ OUTPUT BACK TO THE AGENT

INTERFACE

Tool: claw_shell_run

Inputs:

  • command (string, required): shell command to run inside session claw.

Behavior:

  1. Attach to tmux session claw (create it if missing: tmux new -s claw -d).
  2. Send the command followed by Enter.
  3. Capture the latest pane output.
  4. Return the captured output to the agent.

SAFETY

  • DO NOT RUN:
    • sudo
    • rm (without explicit user approval)
    • reboot, shutdown, or destructive system-level commands
  • IF THE COMMAND CONTAINS ANY OF THE ABOVE:
    • ASK USER FOR CONFIRMATION BEFORE EXECUTING.

EXAMPLES

  • SAFE:

    • ls -la
    • bird read https://x.com/...
    • git status

  • DANGEROUS (ASK FIRST):

    • rm -rf ...
    • docker system prune -a
    • chmod -R ...

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…