Audit history

terminal-title - 4 audits

Audit version 4

Most recent, Medium risk

Jun 27, 2026, 03:51 PM

Static analysis found many external command, filesystem, obfuscation, weak crypto, and reconnaissance patterns. Review confirms the scripts are local title-setting helpers with input sanitization and no evidence of network access, credential collection, or malicious intent. The remaining concern is automatic, pre-approved script execution that writes terminal escape sequences, so publication should include a clear warning.

Files scanned: 3
Lines analyzed: 378
Review items: 7
False positives ignored: 0

Capability review items (4)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medium
Automatic Local Script Execution Requires User Trust
The skill asks users to pre-approve Bash or PowerShell execution for bundled title scripts. The scripts appear scoped and sanitized, but automatic invocation on session start and topic changes increases trust requirements.
The documentation explicitly requests pre-approved command execution and silent invocation. The risk is confirmed, although the observed scripts have a narrow purpose.
Medium
Terminal Escape Sequence Output
The scripts emit terminal title escape sequences to stdout, Write-Host, or /dev/tty. Inputs are stripped of control characters and length-limited, which lowers the chance of escape injection.
The code directly emits ANSI title sequences, but it removes control characters from user-facing inputs before output.
Low
Static Obfuscation and Weak Crypto Matches Are False Positives
The hex-like patterns are PowerShell regular expression ranges for control character removal. The weak cryptography and reconnaissance matches occur in normal title-management documentation, with no evidence of cryptographic use or network scanning.
The cited lines contain sanitization syntax or ordinary documentation. No evidence found for encoded payloads, cryptographic operations, or network reconnaissance.
Low
Home Settings Path Mention Is User Configuration Guidance
The hidden home path reference tells users where to add Claude permission settings. It is not code that reads, writes, or exfiltrates that file.
The location is documentation for setup only. No evidence found that the skill reads secrets or modifies the settings file itself.

Detected patterns

Pre-Approved Shell and PowerShell Commands
Direct Terminal Device Output

Audited by: codex

Audit version 3

Safe

Jan 16, 2026, 02:09 PM

This is a legitimate terminal productivity tool with no malicious intent. All static findings are false positives. The scripts use standard shell/PowerShell patterns to send ANSI escape sequences for setting terminal window titles. Input sanitization is properly implemented to prevent escape sequence injection attacks.

Files scanned: 4
Lines analyzed: 615
Review items: 2
False positives ignored: 0

Risk factors

Audited by: claude

Audit version 2

Safe

Jan 16, 2026, 02:09 PM

This is a legitimate terminal productivity tool with no malicious intent. All static findings are false positives. The scripts use standard shell/PowerShell patterns to send ANSI escape sequences for setting terminal window titles. Input sanitization is properly implemented to prevent escape sequence injection attacks.

Files scanned: 4
Lines analyzed: 615
Review items: 2
False positives ignored: 0

Risk factors

Audited by: claude

Audit version 1

Low risk

Jan 10, 2026, 09:35 AM

Terminal title utility with shell scripts. Reads one environment variable, sanitizes all inputs, sends ANSI escape sequences to set terminal title. No network calls, no credential access, no file writes outside script execution. Risk is minimal and contained to local terminal manipulation.

Files scanned: 3
Lines analyzed: 378
Review items: 3
False positives ignored: 0

Risk factors

Audited by: claude