ClawHub

Claude Code within tmux

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only tmux helper that does what it advertises, though users should be careful because it can read from and type into live terminal panes.

Install only if you want an agent to interact with Claude Code through tmux. Use clear unique session and pane names, verify the target pane before any send action, avoid shared or production tmux sessions, and treat captured scrollback as potentially sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill's invocation guidance is broad enough that an agent could apply it whenever it sees vague references to checking or interacting with Claude in tmux, without first verifying scope, target session, or user intent. Because the skill enables direct interaction with live tmux panes, underspecified triggers increase the chance of acting on the wrong session or writing into an unintended live terminal, which can affect active workflows or sensitive environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send arbitrary prompts directly into a live tmux pane using tmux send-keys, but it does not require an explicit warning or confirmation that this will write input into an active terminal session. In context, this is more dangerous because tmux panes may be attached to real shells or interactive tools in shared or production environments, so mistargeted or unexpected keystrokes can trigger commands, alter state, or interfere with another operator's session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal