Virtual Box Manager
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses these helpers with a malicious or malformed VM name/path, commands could run on the host machine with the user's privileges.
The code builds a shell command as a single string and interpolates VM names and other parameters into it. Wrapping a value in double quotes is not sufficient shell escaping, so crafted VM names, paths, snapshot names, or environment-provided binary paths could execute commands outside the intended VBoxManage operation.
const { stdout, stderr } = await execAsync(`${VBOXMANAGE} ${args}`);
...
await vboxCommand(`showvminfo "${vmName}" --machinereadable`);
Use execFile or spawn with an argument array instead of shell-string exec, validate VM names and paths, avoid shell interpolation, and require explicit confirmation for destructive VM operations.
A mistaken command could power off or delete a VM, change its network access, or share unintended host files with a guest VM.
These capabilities are expected for a VirtualBox manager, but they can persistently change local VM state, delete VM files, alter network exposure, or expose host folders to guest systems.
Delete VM and all associated files
...
Configure network adapters
...
Set up shared folders
Use this skill only for clearly named VMs and paths, confirm destructive actions, and prefer snapshots or backups before deletion, restore, networking, or shared-folder changes.
