ClawHub
Back to skill

Security audit

Tmux Temp

Security checks across malware telemetry and agentic risk

Overview

This tmux skill is purpose-aligned but gives agents broad, persistent terminal-control power without enough user-control guardrails.

Install only if you want agents to control local tmux sessions. Use isolated sockets, avoid panes containing secrets, require explicit approval before sending commands or using `--yolo`/`--full-auto`, keep work limited to named directories, monitor detached sessions, and confirm no important work is running before cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
This is a mismatch because the description emphasizes remote control of tmux sessions by sending keystrokes and scraping pane output, but the provided code only implements session discovery and waiting for text in pane output. There is no code to send keystrokes, invoke tmux send-keys, or otherwise control an interactive CLI. Additionally, the code includes socket-directory scanning and session enumeration capabilities not mentioned in the description. While scraping pane output is partially represented by wait-for-text.sh, the primary claimed capability of remote control is not implemented.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This markdown file includes cleanup commands like `kill-session` and `kill-server` that can abruptly terminate running interactive jobs and discard session state. The section presents these operations as routine usage but does not warn users about their destructive impact on active processes or unsaved work.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal