v1.0.1

Zellij Terminal Workspace

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

The skill is transparent about controlling Zellij terminals, but it also encourages running multiple background coding agents in approval-bypassing modes, so it deserves careful review before installation.

GuidanceInstall this only if you want the agent to control Zellij terminal sessions. Use a dedicated data directory, monitor detached sessions, avoid non-interactive --yolo/--full-auto coding-agent modes unless you explicitly approve them, and clean up sessions when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

zellij excels at running multiple coding agents in parallel ... codex --yolo 'Fix bug X' ... Codex needs --yolo or --full-auto for non-interactive fixes

The skill explicitly recommends launching multiple coding agents through terminal keystrokes and using modes that bypass normal interactive approval.

User impactA coding agent could edit files or run shell commands in the background with less user review than normal.

RecommendationOnly use these workflows in disposable or well-scoped worktrees, avoid --yolo/--full-auto unless explicitly intended, and review diffs and commands before accepting results.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

zellij --data-dir "$DATA_DIR" new-session --session "$SESSION" --layout "default" --detach ... Zellij stores state (sessions, plugins, etc.) in this directory.

The skill intentionally creates detached sessions whose state can continue beyond the immediate interaction.

User impactProcesses started inside Zellij may keep running after the main task if not cleaned up.

RecommendationUse the printed monitor commands, keep sessions in a dedicated data directory, and run cleanup when finished.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

SKILL.md

metadata: {"moltbot":{"os":["darwin","linux"],"requires":{"bins":["zellij","jq"]},"install":[{"id":"brew"...},{"id":"cargo"...}]}}

SKILL.md declares external binary requirements and install methods, while the registry metadata reports no required binaries and no install spec.

User impactUsers may not see the dependency requirements from registry metadata alone and should verify what is installed.

RecommendationInstall Zellij and jq from trusted package sources and confirm the registry metadata accurately reflects required binaries before relying on the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

Capture pane output: zellij --data-dir "$DATA_DIR" pipe --session "$SESSION" --pane-id 0 ... Orchestrating Coding Agents (Codex, Claude Code)

The skill is designed to scrape terminal output, including output from other coding agents running in panes.

User impactAnything shown in those panes, including private logs, prompts, or secrets, can become visible to the controlling agent.

RecommendationDo not run sensitive sessions in panes managed by this skill unless you are comfortable exposing their terminal output to the agent.