Skill v1.0.0
ClawScan security
Tmux · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 8:21 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is coherent with its stated purpose (remote-controlling tmux sessions); it contains only small metadata mismatches and some privacy risks inherent to capturing tmux panes, but nothing that indicates malicious intent.
- Guidance: This skill does what it says: it controls tmux sessions and reads pane output. Before installing, verify you have tmux installed and review/confirm the two helper scripts (wait-for-text.sh and find-sessions.sh). Pay special attention to CLAWDBOT_TMUX_SOCKET_DIR: make sure the socket directory is private and that the agent should legitimately have access to the tmux sockets there — any tmux session accessible to that socket can be read and have keystrokes injected, which could expose sensitive terminal output or let the agent run commands in those sessions. Also note the small metadata mismatch (registry didn't list tmux as a required binary while SKILL.md does); ensure the runtime environment includes tmux and that you are comfortable granting the skill access to the specified socket directory.
Review Dimensions
- Purpose & Capability (note): The name/description match the included scripts and instructions: everything is about controlling tmux, sending keystrokes, and scraping pane output. Minor inconsistency: the registry metadata listed no required binaries, but SKILL.md metadata and the scripts clearly require tmux on PATH.
- Instruction Scope (note): Instructions are narrowly scoped to tmux operations (create sessions, send-keys, capture-pane, wait-for-text). They also include guidance to scan sockets under CLAWDBOT_TMUX_SOCKET_DIR and to capture pane history — which is expected for this skill but means the agent can read any terminal content accessible via those sockets (potentially exposing secrets). There are no network exfiltration endpoints or unrelated file reads in the instructions.
- Install Mechanism (ok): No install spec; this is instruction-only plus two small helper shell scripts. Nothing is downloaded or written by an installer.
- Credentials (note): The skill requests no credentials and no config paths in the registry, but SKILL.md uses an environment variable (CLAWDBOT_TMUX_SOCKET_DIR) to locate sockets. That env var is reasonable for purpose but should have been declared. No secrets are requested by the skill itself.
- Persistence & Privilege (ok): always:false (no forced inclusion) and the skill does not attempt to modify other skills or system-wide agent settings.
