Tmux Steipete

Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.

This skill appears to do what it says (control tmux sessions) and only requires tmux, but review before installing: - Metadata mismatch: the embedded _meta.json ownerId differs from the registry ownerId — that suggests copy/paste or packaging issues; verify the publisher identity if that matters to you. - Socket targeting is powerful: the scripts accept arbitrary socket paths and a --all scan mode. If the socket directory is shared (e.g., a world-writable /tmp path or system tmux socket), the skill could list, read, and send keystrokes to other users' tmux sessions — effectively running commands in their shells. Only run this skill in an isolated environment or ensure CLAWDBOT_TMUX_SOCKET_DIR points to a private socket directory. - The SKILL.md references CLAWDBOT_TMUX_SOCKET_DIR but the skill metadata doesn't declare it; treat that env var as required configuration and confirm its value before use. - No network exfiltration endpoints or hidden downloads were found in the files, but the core capability (send-keys, capture-pane) is inherently sensitive. If you plan to allow autonomous agent invocation, be cautious: an agent could use this skill to control local shells if given socket paths. If you want to proceed: verify the publisher, restrict the socket directory to a private location, and test in a non-production environment first.

Type: OpenClaw Skill Name: tmux-steipete Version: 1.0.0 The skill provides a set of utility scripts and instructions for managing tmux sessions, enabling an AI agent to interact with terminal-based applications. It includes helper scripts for listing sessions (`find-sessions.sh`) and polling pane output for specific text (`wait-for-text.sh`), while recommending the use of isolated sockets in temporary directories to maintain environment hygiene. No evidence of malicious intent, data exfiltration, or unauthorized persistence was found.