Skills Backup Claw Shell

This skill is classified as suspicious due to its core functionality allowing arbitrary shell command execution via `execSync` in `handler.js`. A critical shell injection vulnerability exists in the `sendCommand` function, as `tmux send-keys` will transmit shell metacharacters (e.g., `;`, `|`, `$(...)`) from the `command` input directly to the shell within the tmux pane, allowing an attacker to execute arbitrary commands beyond the intended single command. While `SKILL.md` and `handler.js` include keyword-based safety checks, these are easily bypassable and do not mitigate the underlying vulnerability, making the skill a high-risk primitive.