claude-code-wingman

The skill/document describes a coherent, purpose-aligned orchestration tool for Claude Code sessions with remote control via WhatsApp, including approval handling and per-session management. It introduces notable risk surfaces: reliance on local shell scripts and tmux for process control, handling of sensitive config/webhook tokens, and a trust-prompt mechanism that could be abused if the host is compromised. The data flow includes credential/config reads and command executions that could affect multiple sessions. Without concrete code and secure handling guarantees (credential protection, restricted permissions, auditable actions, and strict input validation), the footprint is consistent with the stated purpose but moderately suspicious from a security governance perspective. Treat as SUSPICIOUS with a moderate risk profile pending a secure implementation review and containment controls.