tmux-mcp

The server's core functionality involves executing arbitrary commands within tmux panes, as explicitly warned in the README ('use it at your own risk ⚠️'). While the `paneId` argument to `tmux send-keys` is escaped to prevent simple single-quote injection (e.g., `paneId.replace(/'/g, "'\\''")`), the `command` string itself, when passed to `tmux send-keys ... Enter`, is the arbitrary command an AI is expected to execute. This means if the controlling AI is compromised or misconfigured, it could issue malicious commands that are then executed directly on the host system within a tmux pane. The `rawMode` and `noEnter` options further complicate monitoring as they disable command status tracking. No hardcoded secrets, obfuscation, or direct network listening (it uses standard I/O for communication) are observed, but the inherent capability to execute arbitrary shell commands poses a significant security risk if not used with extreme caution and trust in the AI's prompts.