Back to skill
Skillv1.1.1
VirusTotal security
Desktop Sandbox · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:44 AM
- Hash
- 3ee46e1a41e7fb4d96906f91d74e1daa833d25e69d60d3a4b29c7692b95494a9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: desktop-sandbox Version: 1.1.1 The skill bundle is suspicious due to the inherent supply chain vulnerability in `scripts/run_installer.js`. This script downloads and executes an arbitrary binary (either a `.pkg` or `.exe` installer) from a remote GitHub repository (`github.com/AtlasCore-tech/desktop-sandbox-openclaw`). While the script's stated purpose is to install a desktop sandbox, the act of fetching and executing external code introduces a significant RCE risk. If the specified GitHub repository or its release assets were to be compromised, the script would unknowingly download and execute malicious software on the host system. This constitutes a critical vulnerability rather than direct malicious intent by the script itself.
- External report
- View on VirusTotal