Pywayne Bin Cmdlogger
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on a destructive or account-changing command, the logger will still execute that command while recording its I/O.
The skill is designed to execute arbitrary user-supplied commands. This is purpose-aligned for a command logger, but broad command execution can affect files, systems, or accounts depending on the command chosen.
`cmdlogger <command> [args...]` and `command | The command to execute`
Use it only for commands the user has explicitly requested, and review commands that deploy, delete, publish, or modify important data before running them.
The behavior depends on whatever `cmdlogger` executable is present in the user's environment, which may not be the one the user expects.
The documentation relies on a `cmdlogger` executable, while the provided package is instruction-only and does not include an install spec or declared binary requirement.
`cmdlogger --log-path <log_path> <command> [args...]`
Confirm the installed `cmdlogger` binary and its source before using this skill, especially on sensitive commands.
Passwords, tokens, private command output, or debugging data may remain on disk in the log file after the command finishes.
The skill intentionally persists full stdin, stdout, and stderr to a log file, including potentially sensitive interactive input.
`User input (including passwords) is logged. Be careful with sensitive information.`
Avoid using it for password prompts or secret-bearing commands, choose log paths carefully, restrict log file access, and delete or redact logs when no longer needed.