Is skills/tmux safe?

https://github.com/openclaw/openclaw/tree/main/skills/tmux

91
SAFE

This tmux skill provides legitimate session control functionality with proper documentation and utility scripts. No malicious behavior detected during installation, and all security monitoring shows normal operation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Executable shell scripts present -20

The skill contains two shell scripts (wait-for-text.sh and find-sessions.sh) that have execution permissions. While they appear legitimate, shell scripts inherently carry execution risks.

LOW Tmux session access capability -10

The skill provides the ability to control and read from tmux sessions, which could potentially access sensitive information displayed in terminal sessions.

INFO Potential for session hijacking -15

While the intended functionality is legitimate, the tmux control capabilities could be misused to interact with sensitive terminal sessions without user awareness.