Virtual Box Manager

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill does what it claims, but its helper script builds host shell commands unsafely, so crafted VM names or paths could run unintended commands.

Review before installing. The skill’s VirtualBox powers are expected, but the included TypeScript helper should be fixed to avoid shell injection before it is trusted with VM names, file paths, or other user-controlled values.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses these helpers with a malicious or malformed VM name/path, commands could run on the host machine with the user's privileges.

Why it was flagged

The code builds a shell command as a single string and interpolates VM names and other parameters into it. Quoting is not sufficient shell escaping, so crafted VM names, paths, snapshot names, or environment-provided binary paths could execute commands outside the intended VBoxManage operation.

Skill content

const { stdout, stderr } = await execAsync(`${VBOXMANAGE} ${args}`); ... await vboxCommand(`showvminfo "${vmName}" --machinereadable`);

Recommendation

Use execFile or spawn with an argument array instead of shell-string exec, validate VM names and paths, avoid shell interpolation, and require explicit confirmation for destructive VM operations.

What this means

A mistaken command could power off or delete a VM, change its network access, or share unintended host files with a guest VM.

Why it was flagged

These capabilities are expected for a VirtualBox manager, but they can persistently change local VM state, delete VM files, alter network exposure, or expose host folders to guest systems.

Skill content

Delete VM and all associated files ... Configure network adapters ... Set up shared folders

Recommendation

Use this skill only for clearly named VMs and paths, confirm destructive actions, and prefer snapshots or backups before deletion, restore, networking, or shared-folder changes.