tmux
Audited by Socket on Feb 19, 2026
1 alert found:
Security[Skill Scanner] Skill instructions include directives to hide actions from user All findings: [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is functionally consistent with its stated purpose (remote control and automation of tmux sessions). It does not contain clear signs of obfuscated/malicious code or network exfiltration to remote domains. However, by design it enables execution of arbitrary commands inside tmux panes and exposure of pane output and socket paths. That makes it high-impact: safe when used by trusted users and with careful permissions, but dangerous if run by an untrusted agent or without filesystem/socket permission hardening. Recommend restricting which agents can call these helpers, ensuring registry and socket permissions are tight (only owner accessible), and avoiding sending sensitive credentials through automated sessions. LLM verification: This SKILL.md documents a legitimate tmux automation skill whose capabilities (send-keys, capture-pane, session registry) match its stated purpose. I found no signs of obfuscated or remote malicious code in the provided documentation. However, the skill inherently has high local-privilege power: it can execute arbitrary commands inside user shells and read terminal output (which may contain secrets). That makes misuse or accidental disclosure likely if the implementation or operational policies