Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

My Claw Shell

v1.0.0

Runs shell commands inside a dedicated tmux session named claw and returns the command output, refusing dangerous commands unless they are confirmed.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose is to run commands inside a tmux session named 'claw' and only touch that session. The implementation matches that intent (uses tmux has-session, send-keys, capture-pane). However, the registry metadata lists no required binaries while the code clearly depends on the tmux binary being present on the host. This is an incoherence that could cause runtime failures or hide the fact the skill will execute host tmux commands.
Instruction Scope
SKILL.md and handler.js keep scope to the 'claw' tmux session and return pane output as promised. The safety mechanism (isDangerous) returns an error prompting user confirmation for a short list of patterns, but this is a brittle heuristic that can miss many dangerous constructs (e.g., 'curl ... | sh', more shell metacharacters, alternate forms of destructive commands). The code executes arbitrary user-supplied commands by sending them to tmux, which is expected behavior but also means the skill will execute anything the agent or user passes once approval is granted.
Install Mechanism
There is no install spec (instruction-only style) which is low risk in general. But the code depends on an external native binary (tmux) and on Node's child_process execSync; the absence of a declared required binary (tmux) or any install guidance is an inconsistency and operational risk. No external downloads or obscure URLs are used.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate for its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills or system-wide agent settings. It exposes an agent-invokable tool (normal default).
What to consider before installing
This skill will run arbitrary shell commands inside a tmux session named 'claw' and return the pane output — that is its core function and is implemented in handler.js. Before installing, consider:

(1) the skill does not declare tmux as a required binary but requires it; ensure tmux is present and you understand where commands will run;
(2) its "dangerous command" check is a simple substring heuristic and can miss destructive or exfiltrating commands (e.g., piping remote scripts into sh, use of other destructive tools), so do not rely on it as a safety guarantee;
(3) because the skill executes whatever commands the agent or user provides (after approval), any command with network access or file access can exfiltrate data or change the system; prefer running this skill in a restricted/sandboxed environment or with explicit human confirmation for any non-trivial command;
(4) if you expect automatic use by the agent, review policy for when the agent is allowed to run commands and consider requiring explicit user confirmation for dangerous patterns.

To improve trust: require/declare tmux in the metadata, expand or harden dangerous-command detection, and add explicit guidance about sandboxing or privilege expectations.
