ClawHub

ResmoteConsole

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates a browser-accessible remote terminal, but its defaults can expose powerful shell access without strong built-in safeguards.

Install only if you understand that this can expose an interactive shell on your machine. Before use, remove the claude-bypass command, add ttyd authentication and HTTPS or restrict access through a VPN/firewall allowlist, use a dedicated limited SSH account/key, avoid sensitive or production projects, and verify the ttyd and SSH tunnel processes are stopped after each session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        if platform.system() == 'Windows':
            subprocess.Popen(
                ttyd_args,
                creationflags=subprocess.CREATE_NO_WINDOW,
                stdout=subprocess.DEVNULL,
Confidence
88% confidence
Finding
subprocess.Popen( ttyd_args, creationflags=subprocess.CREATE_NO_WINDOW, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cwd=project_path
            )
        else:
            subprocess.Popen(
                ttyd_args,
                stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL,
Confidence
88% confidence
Finding
subprocess.Popen( ttyd_args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, cwd=project_path )

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documented `claude-bypass` command uses `--dangerously-skip-permissions`, explicitly disabling safety checks for an agent exposed through a remote console workflow. In this context, a browser-accessible terminal plus permissionless agent execution materially increases the chance of destructive or unintended actions, especially if the tunnel, browser session, or project context is compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script suppresses stdout and stderr for the SSH tunnel and ttyd startup, reducing visibility into failures, authentication prompts, host-key warnings, and misconfigurations while establishing a remote shell service. In this skill context, that makes a high-risk operation less observable and increases the chance that users unknowingly expose a live remote console without noticing security-relevant warnings.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal