Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claw-shell

v1.0.0

Runs shell commands inside a dedicated tmux session named claw, then captures and returns the output, with safety checks for destructive commands.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill is meant to run shell commands inside a tmux session named 'claw', which aligns with the code. However, the skill metadata declares no required binaries even though it depends on the tmux executable. Not declaring tmux is an incoherence: an agent or operator would need tmux installed for this to work.
! Instruction Scope
SKILL.md limits scope to session 'claw' and forbids dangerous commands, and the handler implements that behavior. But the dangerous-command detection is simplistic and can be bypassed (simple token checks, easy to evade with punctuation, concatenation, or alternate syntax). The handler returns an error instructing the agent to ask the user for confirmation rather than performing a confirmation flow itself, so correct behaviour depends on the agent implementation. The skill captures the last ~200 lines of the tmux pane, which can leak sensitive data that was previously displayed in that session; the instructions promise not to touch other sessions, but capture-pane -t claw may still read unrelated content within the 'claw' session (other windows/panes).
Install Mechanism
No install spec (instruction-only with a small handler file). This minimizes disk-install risk; nothing is downloaded from external URLs.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a local tmux-based shell helper.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare elevated privileges. It can run commands on demand; autonomous invocation is platform-default but not set by the skill.
What to consider before installing
This skill will run arbitrary shell commands inside a local tmux session named 'claw' and return the pane output. Before installing:
1) Confirm tmux is available on machines where it will run (the skill fails otherwise); the metadata should declare tmux as a required binary but it does not.
2) Understand that the dangerous-command filter is naive and can be bypassed — do not rely on it for safety.
3) Be aware capture-pane can expose previously displayed sensitive data from that tmux session; consider using a fresh, dedicated session or adding stricter pane/window targeting.
4) The handler returns an error asking the agent to prompt the user for confirmation on dangerous commands — ensure your agent will actually prompt and require explicit approval before dangerous commands run.
5) If you do not want the agent to run shell commands autonomously, restrict agent permissions or disable autonomous invocation for this skill.
If you need help hardening this skill, ask for recommended code changes (explicit tmux binary check, stricter command validation/whitelisting, explicit interactive confirmation flow, and safer output scoping).

Like a lobster shell, security has layers — review code before you run it.
