ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smux

v1.0.0

Cross-pane messaging for tmux. Use `tmux-bridge` command to send messages between panes labeled p1, p2, p3...

0· 106·0 current·0 all-time
by@mkuiwu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mkuiwu/smux.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Smux" (mkuiwu/smux) from ClawHub.
Skill page: https://clawhub.ai/mkuiwu/smux
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: tmux
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install smux

ClawHub CLI

Package manager switcher

npx clawhub@latest install smux
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to provide a tmux-based cross-pane messaging CLI (tmux-bridge). The registry metadata only requires 'tmux' but the SKILL.md repeatedly instructs the agent to run a separate 'tmux-bridge' binary. That binary is not included, not declared as a required dependency, and there is no homepage or source repository to verify what it does. This mismatch (declared requirements vs. actual instructions) is incoherent and potentially risky.
!
Instruction Scope
Runtime instructions tell the agent to run tmux-bridge commands (send, pending, reply) and to append auto-label configuration into ~/.tmux.conf and then source it. Modifying ~/.tmux.conf is a non-trivial side effect and should be explicit/trusted. References in the tmux fallback docs to commands like 'capture-pane -p' indicate the ability to read pane contents; while SKILL.md doesn't explicitly instruct arbitrary pane captures, the provided fallbacks could be used to read other panes' output. The skill also prescribes agents automatically replying to pending messages, which could cause automatic cross-agent messaging or unintended disclosure if deployed autonomously.
Install Mechanism
There is no install spec (instruction-only), which minimizes direct file-writing by the skill itself. However, because the skill expects an external 'tmux-bridge' CLI that is neither bundled nor linked, an operator or agent may try to obtain or execute that binary from elsewhere — the absence of a trusted install source or homepage is a practical and security concern.
Credentials
The skill requests no environment variables or credentials. Requiring only the 'tmux' binary (but in practice also needing 'tmux-bridge') is proportionate to a tmux-integration skill — the main issue is the missing/undeclared tmux-bridge artifact, not overbroad credential requests.
Persistence & Privilege
always:false (normal). The skill instructs agents to modify ~/.tmux.conf (persistent user config), which is a write to user configuration and should be performed only with explicit consent. Also the agent collaboration rules encourage automatic replies to other panes; combined with autonomous agent invocation this could lead to automatic cross-pane messaging loops or unintended actions. This is a behavioral risk rather than a direct privilege escalation.
What to consider before installing
Do not install or run this skill blindly. The SKILL.md expects a third-party 'tmux-bridge' CLI but the skill package provides no binary, no install instructions, and no source/homepage to vet. Before using: (1) obtain and review the tmux-bridge binary/source from a trusted location (or ask the author for a link); (2) inspect what tmux-bridge does (especially whether it reads other panes, writes files, or contacts networks); (3) do not append anything to ~/.tmux.conf without reviewing the auto-label content; (4) if you allow an agent to run this skill autonomously, be aware it is instructed to auto-reply to incoming 'pending' messages — that can cause automatic cross-pane messaging and potential data leakage; and (5) prefer skills that declare all required binaries and provide an install or a verifiable homepage/source. If you can obtain the tmux-bridge source for review, rescan the skill with that included — that information would likely change the assessment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖥️ Clawdis
OSmacOS · Linux
Binstmux
latestvk974kj6v5nrc5p0dd2f9px1ccs846mj5
106downloads
0stars
3versions
Updated 3w ago
v1.0.0
MIT-0
macOS, Linux
@mkuiwu
latest
Download

smux

多 pane 协作技能。通过 p1, p2, p3 标签与其他 pane 通信,无需记忆 pane ID。

快速开始

# 从普通 shell 启动三 pane 工作台
tmux-bridge -l mysession

# 查看当前 session 的 panes
tmux-bridge list

# 收到任务后,先判断当前消息是不是来自其他 agent
tmux-bridge pending

# 需要对方回传结果时显式声明
tmux-bridge send --expect-reply p1 '请分析 src/auth.ts'

# 仅通知,不要求回复
tmux-bridge send --no-reply p1 '我先去跑测试'

# 收到待回复任务后回传最终结论
tmux-bridge reply '分析完成:...'

命令

命令用途
launch / -l <session_name> [delay_secs]从外层 shell 创建新的三 pane session,并自动 attach
kill-session / -k <session_name>按 session 名快速关闭整个 tmux session
list列出当前 session 的所有 pane 和标签
send --expect-reply <target> <msg>发送需要回传结果的消息
send --no-reply <target> <msg>发送不需要回传的消息
pending查看当前 pane 未处理的待回复消息,状态为 waitingoverdue
reply <msg>回复当前 pane 最近一条待回复消息
rename将当前 session 所有 pane 重命名为 p1, p2, p3...
auto-label输出自动命名配置脚本

Agent 协作准则

  1. 在生成最终回复前,先执行 tmux-bridge pending 判断当前 pane 是否有待回复消息。
  2. 如果 pending 显示 waitingoverdue,说明当前任务来自其他 agent,最终结论必须用 tmux-bridge reply '<结论>' 回传。
  3. 如果 pending 没有待回复项,视为普通用户输入,不需要调用 reply
  4. 给其他 agent 发任务时,默认使用显式模式:
    • 需要结果时用 --expect-reply
    • 只是通知时用 --no-reply
  5. 禁止回传“收到”“正在处理”“谢谢”这类无效内容;即使没有发现,也要明确回复“无发现”。
  6. 如果 tmux-bridge reply 报错 no pending reply target for this pane,说明当前没有可自动回复的对象,此时再手动使用 tmux-bridge send --no-reply <target> '<结论>'

自动命名(推荐)

开启后,新创建的 pane 自动获得 p1, p2 标签:

# 添加配置到 tmux.conf
tmux-bridge auto-label >> ~/.tmux.conf
tmux source-file ~/.tmux.conf

使用原则

  • 外层创建/关闭 session 优先使用 tmux-bridge -ltmux-bridge -k
  • pending 是判断消息来源的唯一依据,不要靠目测 pane 输出猜测
  • 发 agent 消息时不要手搓 send-keys
  • 标签优先:用 p1 代替 %42
  • reply 只用于处理 --expect-reply 建立的待回复消息

Comments

Loading comments...