Security audit
Tmux
Security checks across malware telemetry and agentic risk
Overview
The skill does what it says, but it gives an agent broad read/write control over persistent tmux sessions without enough safeguards around destructive actions or sensitive terminal output.
Install only if you intentionally want an agent to read from and type into your tmux sessions. Use known session and pane targets, avoid panes that may contain secrets, and require explicit confirmation before approvals, Enter on prompts, control keys, kill-session, or commands that could change files or running processes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.