Security Audit
wezterm
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
wezterm received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Agent granted arbitrary command execution via WezTerm CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Agent granted arbitrary command execution via WezTerm CLI The skill exposes the `wezterm` CLI, which allows the AI agent to execute arbitrary commands on the host system. Commands such as `wezterm cli split-pane --right -- htop`, `wezterm cli spawn -- vim`, `wezterm cli send-text "echo hello\n"`, and `wezterm start -- htop` explicitly demonstrate the ability to run any command, including potentially malicious ones, or inject commands into active user sessions. This grants the AI agent full shell access, posing a severe security risk. The `send-text` command is particularly dangerous as it can inject arbitrary commands into an already running terminal session, potentially disrupting user work or executing malicious commands in the user's context. Do not grant AI agents access to this skill unless the execution environment is fully sandboxed and the risks of arbitrary command execution are understood and accepted. If access is strictly necessary, implement a rigorous allowlist of specific `wezterm` subcommands and arguments the agent is permitted to use, carefully reviewing each for potential command injection vectors. Avoid or severely restrict the use of `wezterm cli send-text` by an agent due to its ability to inject commands into active user sessions. | Static | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/580a8214b095535b)
Powered by SkillShield