Prts Sandbox

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a sandbox command runner, but it gives broad shell execution and offensive security examples without enough visible scoping or authorization safeguards.

Review this before installing. Only use it for systems you own or are explicitly authorized to test, and make sure the sandbox's network and filesystem boundaries are real. The skill is not judged malicious from the available evidence, but it should be treated as a high-risk command-execution tool rather than a general productivity skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill exposes shell-command execution capability via `sandbox-cmd.sh exec` but declares no permissions, which weakens governance and informed-consent controls around a high-risk capability. Even though the commands are intended to run in a sandbox, the skill explicitly enables arbitrary command execution and references lifecycle operations like start/reset, so the lack of declared permissions can cause the agent platform to under-enforce or miscommunicate risk.

YARA rule 'offensive_tool_references': References to well-known offensive security tools [hacktools]

High
Category: YARA Match
Content:
**Step 3 — Execute your command:**
```bash
~/.openclaw/skills/prts-sandbox/scripts/sandbox-cmd.sh exec nmap -sV 192.168.1.1
~/.openclaw/skills/prts-sandbox/scripts/sandbox-cmd.sh exec sqlmap -u "http://target/page?id=1"
~/.openclaw/skills/prts-sandbox/scripts/sandbox-cmd.sh exec sh -c "hydra -l admin -P /wordlist.txt ssh://192.168.1.10"
```
Confidence: 97%
Finding: nmap -s; hydra -l admin -P; crackmapexec; crackmapexec

VirusTotal

63/63 vendors flagged this skill as clean.
