Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Code Bridge
v0.2.1Bridges OpenClaw (QQ, Telegram, WeChat, and other messaging channels) to a persistent Claude Code CLI session running in a background tmux process. Enables s...
⭐ 0· 307·1 current·1 all-time
byLinghaoz@zlhad
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (bridge chat → persistent local Claude Code CLI via tmux) matches the included script and instructions: tmux session management, send-keys, capture-pane, etc. Requiring tmux and a local 'claude' binary is coherent with the stated purpose.
Instruction Scope
SKILL.md and the script instruct the agent to start/stop sessions, forward arbitrary user messages into a live CLI, simulate keypresses (including Ctrl sequences), capture terminal output to a local log, and automatically approve/deny TUI prompts based on chat responses. The instructions do not document any message-author or channel-level access control; forwarding arbitrary chat messages to a local CLI is a high-impact capability (can cause command execution and file read/write via Claude Code). The SKILL.md also references the script path under ~/.openclaw/workspace/skills/cc-bridge which is consistent, but it relies on runtime detection strings like "Do you want to proceed" which could be brittle.
Install Mechanism
There is no remote install or download step; the skill is instruction-only and includes the bridging script. No external packages or network fetches are performed by an installer — lower risk from supply chain perspective. However the script will create local state under $HOME/.openclaw/cc-bridge.
Credentials
Metadata declares no required env vars or config paths, yet the script reads CLAUDE_BIN (not declared) and creates/uses $HOME/.openclaw/cc-bridge for logs/offsets. It also assumes tmux and a usable 'claude' binary in PATH. These implicit dependencies and the ability to capture terminal output (logs) should have been declared; the missing declarations reduce transparency and make it unclear what secrets or files could be accessed.
Persistence & Privilege
always:false (no forced global enable). The skill writes state/logs to $HOME/.openclaw/cc-bridge and creates tmux sessions named ccb_<id>, which is normal for this functionality. Autonomous invocation is allowed by default (not a unique concern), but combined with the bridge behavior this increases blast radius if untrusted chats can trigger actions.
What to consider before installing
This skill does what it says (bridges chats to a local interactive Claude Code terminal), but it grants chat participants the ability to inject arbitrary input into a local CLI process and captures terminal output to local logs. Before installing: (1) review the full scripts yourself (especially send-keys and pipe-pane usage); (2) ensure only trusted channels/users can reach this skill (OpenClaw should enforce author/channel restrictions); (3) confirm you want a remote-to-local CLI bridge — it can be used to run commands that read secrets or modify files; (4) explicitly set/verify CLAUDE_BIN and ensure tmux/claude are installed; (5) consider tightening file permissions on $HOME/.openclaw/cc-bridge and auditing generated logs; (6) if you need stricter safety, add explicit authentication/authorization checks in the bridge (e.g., whitelist chat IDs) or avoid installing in environments with sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk9774gvbp7aatk3d1g81zjf9d582kghh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.