ClawHub

headless-terminal

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for controlling terminal UI sessions, and its powerful capture/control behavior is mostly disclosed and aligned with that purpose.

Install `ht` only from the named Montana Flynn headless-terminal project or another source you explicitly trust. Use this skill when a real terminal UI needs PTY control, approve remote/auth/destructive flows deliberately, and protect or delete recordings and screenshots because they can capture sensitive terminal contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The recording recipes encourage capturing full terminal sessions to asciicast/GIF without warning that prompts, secrets, tokens, hostnames, file paths, or other sensitive on-screen data may be recorded and then easily shared. In this skill's context, the tool is explicitly designed to drive installers, auth prompts, SSH/TUIs, and REPLs, which increases the likelihood that sensitive data appears in the recorded output.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The screenshot recipe shows exporting the current terminal view to PNG without warning that the image may contain confidential terminal contents. Because this skill targets hostile/full-screen and interactive sessions, screenshots can easily capture credentials, access tokens, internal hostnames, customer data, or other sensitive operational context and then persist it to disk for later disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal