
Security audit

Lucky Tmux Controller

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls tmux sessions, but it gives an agent broad ability to read terminal history, type into live sessions, approve prompts, and kill sessions without strong guardrails.

Install only if you intend to let the agent inspect and type into tmux sessions. Set explicit rules before use: verify the target session, capture the minimum needed output, never approve prompts blindly, and require confirmation before sending Enter, control keys, or session-management commands such as kill, rename, or new-session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The guidance says not to use the skill to create new tmux sessions, yet later documents commands to create, rename, and kill sessions. This contradiction can mislead an agent or operator into using broader, more destructive session-management actions than intended, increasing the risk of disrupting other users' interactive work.

Intent-Code Divergence

Medium (94% confidence)
Finding
The 'When NOT to Use' section prohibits creating new tmux sessions with this skill, but the 'Session Management' section directly instructs how to do so. In a remote-control context, inconsistent documentation weakens operator safeguards and can cause unauthorized or accidental session creation in shared environments.

Missing User Warnings

Medium (90% confidence)
Finding
The examples include kill-session and other session-administration actions without warning that they can terminate active work or disrupt other users attached to the same tmux server. In a shared or remote environment, this creates a realistic risk of accidental denial of service or loss of unsaved interactive state.

Missing User Warnings

Medium (96% confidence)
Finding
The instructions to approve prompts by blindly sending 'y' or a numbered option encourage authorizing actions inside another interactive session without verifying the prompt content. Because the skill is specifically designed to control remote interactive CLIs, this can lead to unintended approval of privileged, destructive, or sensitive operations in a live session.

Missing User Warnings

Medium (91% confidence)
Finding
On timeout, the script prints the last captured tmux pane contents directly to stderr. Because this skill is specifically designed to remote-control interactive CLI sessions and scrape pane output, those contents may include secrets, tokens, prompts, command history, or other sensitive terminal data, which can be exposed to logs, calling agents, or users who should not see them.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.