Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SSH Handoff

v1.0.1

Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Us...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill's name and description match the included scripts and instructions: it needs tmux, ttyd, node, and python3 to implement local/LAN web terminals that hand off a tmux session. However, the registry metadata lists no required binaries or env vars, while SKILL.md and the scripts clearly require several runtime binaries and read multiple environment variables. Verify this metadata mismatch before installing.
Instruction Scope
SKILL.md limits actions to creating/attaching tmux sessions, launching the bundled launchers, capturing the pane, and printing connection/cleanup info. The instructions explicitly warn against public exposure, prompt to verify pane state before continuing, and do not instruct reading unrelated files or exfiltrating secrets.
Install Mechanism
There is no install spec (instruction-only at registry level) and the code files are bundled with the skill. No remote downloads or extract-from-URL steps appear in the package, which reduces installation risk. The included scripts spawn background processes and write to /tmp and a temporary runtime dir — expected for this functionality.
Credentials
The registry declares no required env vars or credentials, but the scripts rely on many runtime environment variables (HOST, PORT, CLIENT_IP, TTL_MINUTES, EXPECTED_HOST/ORIGIN, COOKIE_SECURE, ACCESS_TOKEN via internally generated values, etc.). None are secret credentials for external services, but the metadata omission is a proportionality/information gap you should confirm.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It spawns ephemeral background processes (ttyd, Node proxy), writes temp state files, and installs a TTL-based cleanup — behavior is scoped to its purpose and documented. Be aware these processes bind network ports and remain until TTL expiry or cleanup.
Assessment
This skill appears to implement what it says, but take these precautions before using it:
- Verify provenance: the package has no homepage and an unknown source; review all included scripts yourself before running.
- Ensure required binaries (tmux, ttyd, node, python3) are installed from trusted packages; the registry metadata does not list them even though SKILL.md and scripts require them.
- Never bind the proxy to a public interface or 0.0.0.0 unless you explicitly accept the risk; prefer 127.0.0.1 or a restricted LAN address.
- When using LAN mode set EXPECTED_HOST/EXPECTED_ORIGIN and/or CLIENT_IP to restrict access, and apply firewall rules (UFW_ALLOW_CMD shown by the launcher).
- Treat the one-shot URL/token as sensitive and deliver it to the human out-of-band (not via public chat).
- Confirm the tmux pane state with tmux capture-pane before the agent issues any commands.
- Run the scripts in a controlled environment (non-production host or with a retained snapshot) until you’ve audited them.
If you want higher confidence, ask the publisher for source provenance or a signed release, or run the scripts in an isolated test VM to observe behavior before using on important hosts.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/url-token-proxy.js:7: Environment variable access combined with network send.
