Skillv1.1.1

ClawScan security

Desktop Sandbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 12:13 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are consistent with a desktop installer: it fetches releases from a GitHub repo and runs the platform installer, but it will download and execute system-level installers so you should verify the upstream project before running it.
Guidance: This skill will download a platform installer from the GitHub releases of AtlasCore-tech/desktop-sandbox-openclaw and execute it on your machine. That behavior matches its stated purpose but has real risk because installers run with system impact. Before using it: (1) verify the upstream GitHub repo and its maintainer are trustworthy, (2) inspect the release assets and checksums on the repo yourself (or ask for signed releases), (3) run the installer in a disposable/test environment first, (4) avoid granting admin privileges unless you trust the binary, and (5) if you need higher assurance, provide the full, untruncated script for code review and confirm there are no hidden network callbacks or telemetry endpoints beyond GitHub releases.

Review Dimensions

Purpose & Capability: okThe name and description claim to install a desktop sandbox. The code and SKILL.md implement a downloader/installer that fetches GitHub releases from the specified repo and runs the .pkg on macOS or .exe on Windows. Requiring node is appropriate for the provided Node script.
Instruction Scope: noteInstructions are narrow and explicit: run node scripts/run_installer.js (optionally with --version). The installer script downloads release assets from GitHub and executes them. This is in-scope for an installer, but the runtime will download arbitrary binaries from the repo's releases and execute them (including installing into system locations), which is a high-impact action that users should consciously approve.
Install Mechanism: noteThere is no packaged install spec; the skill is instruction + embedded Node script. The script uses the GitHub API to find release assets and downloads them directly (via HTTPS) before running installers. Using GitHub releases is a reasonable source, but downloading and executing release assets is moderate risk compared with an instruction-only skill because it writes and executes binaries on the host.
Credentials: okThe skill only requires the node binary and does not request credentials, environment variables, or config paths. The script does not appear to read unrelated environment variables or sensitive files in the provided portion of the code.
Persistence & Privilege: noteThe skill does not request permanent presence (always:false) and does not modify other skills. However, it attempts to run OS installers that may write to system directories (e.g., Program Files / root), which can trigger elevation prompts or require administrative privileges. That is expected for an installer but increases the potential impact if the upstream installer is untrusted.