Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Supervisor

v1.0.0

Supervise Claude Code sessions running in tmux. Uses Claude Code hooks with bash pre-filtering (Option D) and fast LLM triage to detect errors, stuck agents, and task completion. Harness-agnostic — works with OpenClaw, webhooks, ntfy, or any notification backend. Use when: (1) launching long-running Claude Code tasks that need monitoring, (2) setting up automatic nudging for API errors or premature stops, (3) getting progress reports from background coding agents, (4) continuing work after session/context limits reset. Requires: tmux, claude CLI.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the actual behavior: installing hooks into .claude, reading tmux panes, triaging with a fast LLM, nudging via tmux, and notifying an agent harness. However, the metadata omits commonly used system tools that the scripts require (notably jq and pgrep). The default notify command (openclaw gateway call wake --params) and the reliance on the claude CLI are reasonable for this skill, but they are not declared as required tooling/credentials in the metadata.
! Instruction Scope
The hook scripts and watchdog capture terminal output and send that context to: (a) the triage LLM (via the configured triage.command) and (b) the configured notify command. That behavior is necessary for supervision but is also sensitive: terminal outputs can contain secrets (keys, tokens, file contents). The scripts will transmit those outputs to whatever triage/notify command you configure (by default the claude CLI and an OpenClaw gateway call). There are no safeguards or redaction steps in the code.
Install Mechanism
There is no external binary download; install-hooks.sh copies provided scripts into the project and merges JSON into .claude/settings.json. This is standard for a hook-based tool. No remote URL downloads or extracted archives are used. The installer does source a local lib.sh and writes a notify wrapper to /tmp.
! Credentials
The skill declares only tmux (and optionally claude) as required binaries, but the scripts rely heavily on jq and use pgrep and other system utilities — those are not declared. The default triage command uses the claude CLI (which will use your Claude credentials) and the default notify command uses OpenClaw — both can transmit terminal content. No environment variables or credentials are required explicitly, but the skill will operate using whatever local CLIs/credentials are present (claude, openclaw), which increases the blast radius if misconfigured.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes hooks to project .claude/, updates project settings.json, creates a /tmp notify wrapper, and reads/writes a supervisor-state.json in ~/.openclaw/workspace — these are expected for its function and scoped to the project/user. It will run as invoked (hooks or cron) and can act autonomously when events fire, which is normal for a supervisor.
What to consider before installing
This skill mostly does what it says (install hooks, read tmux session output, call a fast LLM to triage, and notify an agent), but review these before installing:

- Dependencies: the scripts call jq and pgrep (and expect tmux); metadata only lists tmux and claude. Install jq and ensure required CLIs are present or update the metadata.
- Sensitive data: the triage and notify steps send captured terminal output to external commands (by default the claude CLI and an OpenClaw gateway). Terminal output often contains secrets or file contents — ensure the configured triage.command and notify.command target trusted local tools/endpoints, or add redaction before sending.
- Default notify: the default notify command calls openclaw gateway; if you don't use OpenClaw, change the notify.command to a safe local script or webhook you control. Inspect the generated /tmp/supervisor-notify.sh and replace it if necessary.
- Review hooks: read the hook scripts (on-stop.sh, on-error.sh, on-notify.sh), triage.sh, and lib.sh before installing. They will merge into .claude/settings.json and write files in your project and ~/.openclaw/workspace.
- Test in a sandbox: install into a non-sensitive test project first, verify behavior, and confirm notifications/LLM calls don't leak secrets. Consider configuring triage to use a local LLM rather than remote CLAUDE if you have secrecy concerns.

If you want me to, I can: (1) list all external binaries/tools the scripts call, (2) suggest a minimal secure configuration (redaction + local notify), or (3) highlight exact lines that send data to external commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bsdz5mvg28ypbtgswwygz8h80jeme

Runtime requirements

👷 Clawdis
OS: macOS · Linux
Bins: tmux
Any bin: claude
