Back to skill

Security audit

Tmux

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it encourages unattended coding-agent control and can dump tmux pane contents, so users should review it before installing.

Install only if you are comfortable letting an agent control tmux sessions. Use a private tmux socket, avoid --yolo or --full-auto unless you explicitly approve the task and workspace, review diffs before accepting changes, avoid sensitive panes when using wait-for-text.sh, and kill tmux sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly recommends launching coding agents with high-autonomy flags like `--yolo` or `--full-auto` and demonstrates injecting shell commands into tmux sessions, but it does so without strong safety framing or approval requirements. In an agent setting, this normalizes unattended code execution and repository modification, increasing the chance of destructive changes, misuse of credentials, or execution of unsafe commands in the wrong directory/session.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
On timeout, the script prints the last captured tmux pane contents directly to stderr. tmux panes often contain sensitive interactive CLI output such as credentials, tokens, secrets, internal commands, or customer data, so a failed wait condition can unintentionally disclose data into logs, CI output, or higher-level agent traces. In this skill context, the risk is elevated because the tool is explicitly designed to remote-control and scrape interactive sessions, making sensitive pane capture part of normal operation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.