# claw-shell
ALWAYS USES TMUX SESSION `claw`.
## PURPOSE
- RUN SHELL COMMANDS INSIDE TMUX SESSION `claw`
- NEVER TOUCH ANY OTHER SESSION
- READ OUTPUT BACK TO THE AGENT
## INTERFACE
### Tool: `claw_shell_run`
**Inputs:**
- `command` (string, required): shell command to run inside session `claw`.
**Behavior:**
1. Attach to tmux session `claw` (create it if missing: `tmux new -s claw -d`).
2. Send the command followed by Enter.
3. Capture the latest pane output.
4. Return the captured output to the agent.
## SAFETY
- DO NOT RUN:
- `sudo`
- `rm` (without explicit user approval)
- `reboot`, `shutdown`, or destructive system-level commands
- IF THE COMMAND CONTAINS ANY OF THE ABOVE:
- ASK USER FOR CONFIRMATION BEFORE EXECUTING.
## EXAMPLES
- SAFE:
- `ls -la`
- `bird read https://x.com/...`
- `git status`
- DANGEROUS (ASK FIRST):
- `rm -rf ...`
- `docker system prune -a`
- `chmod -R ...`
related skills
semantically similar in the cross-vendor index
don't have the plugin yet? install it then click "run inline in claude" again.
+explicit blocklist for dangerous commands (sudo, rm, reboot) with user confirmation fallback
+straightforward tool interface with single required input
weaknesses
~trigger phrases missing entirely - no examples of natural language invocations, only tool-level interface
~safety model is incomplete: blocklist is shallow (no mention of pipe chains, command injection via backticks, eval-like constructs, or background process handling)
~output capture strategy unspecified - 'latest pane output' is vague (how many lines? timeout? handle multi-line output correctly?)