Security audit

Tmux Steipete

Security checks across malware telemetry and agentic risk

Overview

This tmux helper is mostly transparent, but it teaches agents to launch other coding agents in unattended modes and can dump terminal pane history, so users should review it before installing.

Install only if you want tmux-based automation and are comfortable supervising it. Use isolated git worktrees, avoid unattended `--yolo` or `--full-auto` subagents unless explicitly intended, avoid capturing panes that may contain secrets, inspect diffs before keeping changes, and kill tmux sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
This is a markdown file, so SQP-2 applies to missing user warnings in documentation. The section encourages launching coding agents in full-auto mode and includes cleanup commands that terminate sessions, but it does not warn users that these actions may make unattended code changes, execute commands, or discard interactive state.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.