headless-terminal
Advisory
Audited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on the wrong program or prompt, the agent could accidentally save files, accept installer prompts, change repository state, or operate a remote TUI.
The skill teaches the agent to launch arbitrary interactive commands under a PTY and send keystrokes to them, which is exactly its purpose but can affect real local or remote state.
`ht run --name demo-$(date +%s) <cmd...>` `ht send demo "keys..." --wait-idle 200ms --view`
Use this only when a real terminal UI is needed, inspect the command and screen state before sending keys, and require explicit user approval for destructive or account-changing actions.
The skill could help the agent operate authenticated sessions or remote systems with whatever permissions the user already has.
The documented use cases include SSH and authentication prompts, meaning the agent may act through the user's existing local, remote, or account privileges.
Use when an agent needs reliable PTY-backed interaction ... for tools like ... `SSH-driven TUIs, installers, auth prompts`.
Do not use it for login, SSH, production, or privileged prompts unless the user has explicitly approved the target, scope, and intended actions.
Installing the wrong `ht` package or an untrusted release could put a different program on the user's PATH.
The skill depends on an external CLI obtained from a Homebrew tap or GitHub release. The artifacts disclose the source and warn about package-name ambiguity, but installation remains a supply-chain trust decision.
`brew install montanaflynn/tap/ht` ... use a release tarball from `https://github.com/montanaflynn/headless-terminal/releases`
Verify the repository owner, package name, release page, and ideally checksums/signatures before installing; avoid unrelated packages with similar names.
A leftover session could keep a terminal program running after the intended task, potentially holding files, remote connections, or processes open.
The workflow acknowledges that `ht` sessions can persist. This is disclosed and bounded by cleanup guidance, but users should notice the persistence behavior.
Stop and remove the session when done, unless the user explicitly wants a persistent session.
Clean up with `ht stop` and `ht remove` after each task unless persistence was specifically requested, and check `ht list` for stale sessions.
Terminal captures could contain private file contents, command output, hostnames, prompts, or other sensitive screen data.
The references show recording sessions and writing screenshots. Those files can persist terminal contents and may later be read by the agent or shared by the user.
`ht record --output session.cast S` ... `ht view --format png --output /tmp/session.png S`
Avoid recording or screenshotting private/authenticated sessions unless necessary, store captures in safe locations, and delete them when no longer needed.
