Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tmux Steipete

v1.0.0

Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required binary (tmux), scripts, and runtime instructions align with a tool to control tmux sessions. The ability to list, capture, and send keystrokes is expected for this purpose. However, the skill exposes optional scanning of multiple sockets (--all) which — if pointed at a shared socket directory — can enumerate other users' sessions; that is a sensitive capability but coherent with the stated goal.
Instruction Scope
SKILL.md and the included scripts instruct the agent to send keystrokes and scrape pane output (capture-pane), which is exactly the advertised functionality. The instructions reference an environment variable CLAWDBOT_TMUX_SOCKET_DIR (and allow arbitrary -S socket paths) even though requires.env is empty; this gives the agent scope to target any tmux socket path the operator or agent supplies, which could lead to accessing or controlling unrelated sessions if misused.
Install Mechanism
No install spec; this is instruction+script-only and requires tmux on PATH. Nothing is downloaded or extracted from external URLs.
Credentials
The registry lists no required env vars, but SKILL.md and the scripts rely on CLAWDBOT_TMUX_SOCKET_DIR (with a TMPDIR fallback). That environment dependency is reasonable for socket location, but it's not declared in the metadata. No credentials or unrelated environment access is requested.
Persistence & Privilege
always:false and there is no install-time modification of other skills or global agent settings. The skill does not request persistent privileges beyond using tmux sockets accessible to the process.
What to consider before installing
This skill appears to do what it says (control tmux sessions) and only requires tmux, but review before installing:
- Metadata mismatch: the embedded _meta.json ownerId differs from the registry ownerId — that suggests copy/paste or packaging issues; verify the publisher identity if that matters to you.
- Socket targeting is powerful: the scripts accept arbitrary socket paths and a --all scan mode. If the socket directory is shared (e.g., a world-writable /tmp path or system tmux socket), the skill could list, read, and send keystrokes to other users' tmux sessions — effectively running commands in their shells. Only run this skill in an isolated environment or ensure CLAWDBOT_TMUX_SOCKET_DIR points to a private socket directory.
- The SKILL.md references CLAWDBOT_TMUX_SOCKET_DIR but the skill metadata doesn't declare it; treat that env var as required configuration and confirm its value before use.
- No network exfiltration endpoints or hidden downloads were found in the files, but the core capability (send-keys, capture-pane) is inherently sensitive. If you plan to allow autonomous agent invocation, be cautious: an agent could use this skill to control local shells if given socket paths.

If you want to proceed: verify the publisher, restrict the socket directory to a private location, and test in a non-production environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f4vfwmbcb87aw2npd2fje9x84ncc8


Runtime requirements

🧵 Clawdis
OS: macOS · Linux
Bins: tmux
