Virtual Box Manager

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: virtualboxmanager
Version: 0.0.1

The skill bundle is classified as suspicious because of a critical shell injection vulnerability in `scripts/virtualbox-utils.ts`. The `vboxCommand` function interpolates caller-controlled arguments directly into a `child_process.exec` command string without sanitization or escaping. An attacker who controls a VM name, path or snapshot name can therefore inject arbitrary shell commands and execute code on the host where the OpenClaw agent runs, with the agent's privileges; if that input can be fed to the agent remotely, this amounts to remote code execution. The vulnerability is severe, but the code shows no clear sign of intentional malicious behavior (for example data exfiltration or backdoor installation), which is why it is classified as suspicious rather than malicious.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent calls these helpers with a malicious or malformed VM name or path, arbitrary commands could run on the host machine with the privileges of the user running the agent.

Why it was flagged

The code builds a shell command as a single string and interpolates VM names and other parameters into it. Wrapping the value in double quotes is not sufficient shell escaping: a name containing a double quote, `$(...)` or a backtick still breaks out of the quoted argument, and the shell then runs whatever follows. Crafted VM names, paths, snapshot names, or an environment-provided binary path could therefore execute commands outside the intended VBoxManage operation.

Skill content
const { stdout, stderr } = await execAsync(`${VBOXMANAGE} ${args}`);
...
await vboxCommand(`showvminfo "${vmName}" --machinereadable`);
Recommendation

Use `execFile` or `spawn` with an argument array instead of a shell command string (and do not set `shell: true`), validate VM names, snapshot names and paths against an allow-list before use, never interpolate them into a shell string, and require explicit confirmation for destructive VM operations.
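The vulnerable and hardened shapes side by side, as an added example written for this review; it is not code from the skill. The environment variable name `VBOXMANAGE_BIN`, the default binary name, the name allow-list and the hostile VM name are assumptions and constructed inputs. The shell string is only built and printed, never executed, and a recording runner stands in for VBoxManage so the example runs on a machine without VirtualBox.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// The skill reads the binary path from the environment; the variable name used here
// (VBOXMANAGE_BIN) is an assumption for this example, as is the default of "VBoxManage".
const VBOXMANAGE: string = process.env.VBOXMANAGE_BIN ?? "VBoxManage";

// Allow-list for VM and snapshot names. VirtualBox accepts a wider character set; this
// conservative set (an assumption) covers conventionally named VMs, plus VirtualBox UUIDs.
// Rejecting a leading "-" also stops a name from being parsed by VBoxManage as an option.
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,127}$/;
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function validateName(name: string, what = "VM name"): string {
  if (!NAME_RE.test(name) && !UUID_RE.test(name)) {
    throw new Error(`refusing ${what}: ${JSON.stringify(name)}`);
  }
  return name;
}

// Vulnerable shape, mirroring the pattern the finding quotes: one shell string with the name
// interpolated inside double quotes. Returned (not executed) so its effect can be inspected.
function buildShellCommand(vmName: string): string {
  return `${VBOXMANAGE} showvminfo "${vmName}" --machinereadable`;
}

// Hardened shape: an argv array for execFile, no shell involved. Every element reaches
// VBoxManage as exactly one argument regardless of the characters it contains; validation
// on top makes malformed names fail closed before anything is executed.
function buildShowVmInfoArgv(vmName: string): string[] {
  return ["showvminfo", validateName(vmName), "--machinereadable"];
}

type Runner = (file: string, args: string[]) => Promise<{ stdout: string; stderr: string }>;

// Real runner: execFile without a shell. The timeout bounds a hung VBoxManage.
const execFileRunner: Runner = async (file, args) => {
  const { stdout, stderr } = await execFileAsync(file, args, { timeout: 60_000 });
  return { stdout, stderr };
};

async function showVmInfo(vmName: string, run: Runner = execFileRunner) {
  return run(VBOXMANAGE, buildShowVmInfoArgv(vmName));
}

// Constructed hostile VM name: closes the quoted argument, runs a second command, then
// reopens the quotes so the rest of the original command still parses.
const HOSTILE_NAME = 'dev"; touch /tmp/pwned; echo "';

// True when the shell-string builder emits the attacker's command as a separate shell statement.
function shellStringIsInjected(vmName: string): boolean {
  return buildShellCommand(vmName).includes("; touch /tmp/pwned;");
}

// True when the argv builder refuses the name instead of passing it on.
function argvRejects(vmName: string): boolean {
  try {
    buildShowVmInfoArgv(vmName);
    return false;
  } catch {
    return true;
  }
}

async function demo(): Promise<void> {
  console.log(buildShellCommand(HOSTILE_NAME));
  console.log("argv builder rejects hostile name:", argvRejects(HOSTILE_NAME));
  // Recording runner stands in for VBoxManage so this runs without VirtualBox installed.
  const recorded: string[][] = [];
  await showVmInfo("dev-ubuntu 22.04", async (_file, args) => {
    recorded.push(args);
    return { stdout: "", stderr: "" };
  });
  console.log("argv handed to execFile:", recorded[0]);
}

void demo();
```

Printing `buildShellCommand(HOSTILE_NAME)` shows the second statement `touch /tmp/pwned` sitting between the two quoted fragments, which is exactly what `/bin/sh` would run; `buildShowVmInfoArgv` never produces a string for a shell to parse, and the allow-list makes the same name fail with an error before `execFile` is reached.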

What this means

A mistaken command could power off or delete a VM, change its network access, or share unintended host files with a guest VM.

Why it was flagged

These capabilities are expected for a VirtualBox manager, but they can persistently change local VM state, delete VM files, alter network exposure, or expose host folders to guest systems.

Skill content
Delete VM and all associated files ... Configure network adapters ... Set up shared folders
Recommendation

Use this skill only with explicitly named VMs and paths, confirm destructive actions before they run, and take a snapshot or backup before deleting or restoring a VM or changing its networking or shared folders.
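One way to enforce the confirmation and backup-first advice above, as an added example written for this review rather than code from the skill: a gate that classifies a VBoxManage argv by risk, refuses destructive operations unless the caller has confirmed them, and prepends a backup step (a full `export` before deletion, a `snapshot take` before other destructive changes). Which subcommands count as destructive is an assumption derived from the capabilities listed in the finding; the `Risk`, `Plan`, `classify` and `plan` names are this example's own.

```typescript
// Risk classes for a VBoxManage argv: "read" changes nothing, "state" changes VM state in a
// recoverable way (start, pause, memory size), "destructive" can lose data or widen exposure.
type Risk = "read" | "state" | "destructive";

interface Plan {
  argv: string[];
  risk: Risk;
  reason: string;
  // Commands (as argv arrays) to run before argv so the change can be undone.
  prerequisites: string[][];
}

// Classification is an assumption about which operations deserve confirmation, based on the
// capabilities the finding lists: delete VM and files, network adapters, shared folders, power off.
function classify(argv: string[]): { risk: Risk; reason: string } {
  const [cmd, ...rest] = argv;
  switch (cmd) {
    case "showvminfo":
    case "list":
      return { risk: "read", reason: "read-only query" };
    case "unregistervm":
      return rest.includes("--delete")
        ? { risk: "destructive", reason: "deletes the VM and its disk files" }
        : { risk: "state", reason: "unregisters the VM, files are kept" };
    case "snapshot":
      return ["delete", "restore", "restorecurrent"].includes(rest[1])
        ? { risk: "destructive", reason: `snapshot ${rest[1]} discards current VM state` }
        : { risk: "state", reason: "adds or edits a snapshot" };
    case "modifyvm":
      return rest.some((a) => /^--(nic|bridgeadapter|natpf|hostonlyadapter|intnet)\d+$/.test(a))
        ? { risk: "destructive", reason: "changes the guest's network exposure" }
        : { risk: "state", reason: "changes VM settings" };
    case "sharedfolder":
      return { risk: "destructive", reason: "changes which host directories the guest can reach" };
    case "controlvm":
      return ["poweroff", "reset"].includes(rest[1])
        ? { risk: "destructive", reason: "hard power-off or reset loses unsaved guest state" }
        : { risk: "state", reason: "changes running VM state" };
    default:
      return { risk: "state", reason: "unclassified VBoxManage command" };
  }
}

// The VM name is argv[1] for most subcommands but argv[2] for "sharedfolder add|remove".
function vmOf(argv: string[]): string {
  return argv[0] === "sharedfolder" ? argv[2] : argv[1];
}

// Builds the execution plan. Destructive operations throw unless opts.confirmed is true;
// when confirmed, a backup step is prepended so the operation can be reversed.
function plan(argv: string[], opts: { confirmed?: boolean; now?: Date } = {}): Plan {
  const { risk, reason } = classify(argv);
  const prerequisites: string[][] = [];
  if (risk === "destructive") {
    if (!opts.confirmed) {
      throw new Error(`confirmation required: "${argv.join(" ")}" ${reason}`);
    }
    const vm = vmOf(argv);
    const stamp = (opts.now ?? new Date()).toISOString().replace(/[:.]/g, "-");
    prerequisites.push(
      argv[0] === "unregistervm"
        ? ["export", vm, "-o", `${vm}-${stamp}.ova`] // snapshots die with the VM, so export instead
        : ["snapshot", vm, "take", `pre-${argv[0]}-${stamp}`],
    );
  }
  return { argv, risk, reason, prerequisites };
}

// Usage: an agent would run plan(...).prerequisites, then plan(...).argv, each via execFile.
console.log(plan(["unregistervm", "dev", "--delete"], { confirmed: true }));
```

Running the gate on every argv before it reaches `execFile` keeps the policy in one place: a read-only `showvminfo` passes straight through, `startvm` passes with no prerequisites, and `unregistervm --delete` without `confirmed: true` is refused with a message that names the operation and why it was blocked.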