ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tmux Manager

v1.0.0

Manage tmux sessions using the tmux-manager.py script. Use when asked to create, kill, restart, list, or inspect tmux sessions, send commands to sessions, ta...

0· 83·0 current·0 all-time
byRocco De Angelis@rdeangel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binaries (tmux, uv), script location, and usage all align: this is a tmux session manager that needs tmux and a script runner (uv). The brew installs for tmux and uv are reasonable for the stated functionality.
Instruction Scope
SKILL.md and the script confine behavior to a local YAML config and tmux operations. However the script supports pre/post hooks (run with shell=True) and arbitrary window/ pane commands (sent via tmux send-keys). Those features are expected for this tool but allow arbitrary shell execution and interaction with running sessions — review configs before running.
Install Mechanism
Install spec uses Homebrew formulas (uv, tmux). This is a low-risk, expected install mechanism for macOS/homebrew environments. No downloads from untrusted URLs or archive extraction are present.
Credentials
The skill requests no environment variables or external credentials. It does set tmux-level env vars from the YAML and expands user paths; that is reasonable and proportional to its functionality.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request elevated platform privileges or modify other skills. It will run subprocesses and hooks as the invoking user (normal for this type of utility).
Assessment
This skill appears to do what it says — manage tmux sessions. Before installing or running it, review any tmux-sessions.yaml you will use: the config can contain pre_hook, post_hook, window/pane commands, and env values that will execute as shell commands or be injected into running terminals. Do not run untrusted configs or hooks as a privileged user. Use --dry-run and --validate first, inspect the sample YAML, and ensure uv and tmux are installed from trusted package sources. If you need to harden usage, avoid enabling hooks or limit configs to commands you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk977bcr8rk94qjajxn314dm0e983a1qq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💻 Clawdis
Binsuv, tmux

Install

Install uv (brew)
Bins: uv
brew install uv
Install tmux (brew)
Bins: tmux
brew install tmux

Comments