Desktop Sandbox

Security checks across malware telemetry and agentic risk

Overview

This skill appears to install the advertised desktop sandbox, but it downloads and runs persistent native installers without strong verification or clear confirmation controls.

Install only if you trust AtlasCore and the referenced GitHub releases. Prefer a pinned version, verify the downloaded installer through signatures or hashes where possible, and expect persistent system-level changes that may require administrator approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The conversation triggers are broad installation phrases such as 'Install desktop sandbox' and 'Download and install AtlasCore sandbox', which can overlap with ordinary user requests and cause this skill to activate unexpectedly. Because the skill performs installer execution with system-wide effects, overly generic triggers increase the risk of unintended software download and installation without sufficiently explicit user intent.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill describes downloading and running platform-native installers, including silent/system-wide installation paths like '/S /D=C:\Program Files\' and macOS package installation to '/'. However, it provides no user-facing warning that the action has privileged, system-wide effects, which can mislead users into approving impactful changes without understanding persistence, privilege prompts, or trust implications.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script downloads an installer from a remote GitHub release and immediately executes it, with no user confirmation, no integrity verification, and no signature validation in the script. In an agent skill context, this creates a supply-chain execution path where a compromised release, repo, redirect target, or manipulated version can lead to arbitrary native code execution on the host.

VirusTotal

65/65 vendors flagged this skill as clean.