Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
E2B Desktop
v1.0.0Control E2B Desktop sandboxes (virtual Linux desktops) for computer-use agents. Use when you need to create/manage sandboxed desktop environments, take scree...
⭐ 0· 388·1 current·1 all-time
by@eyhn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included scripts and SDK usage: scripts provide mouse/keyboard, screenshots, run commands, and VNC streaming as advertised. However, the registry metadata lists no required environment variables while the SKILL.md and every script require an E2B_API_KEY (and optionally E2B_SANDBOX_ID). That metadata omission is an inconsistency that could mislead reviewers or automation.
Instruction Scope
Runtime instructions and scripts stay within the sandbox domain: they read/write ~/.e2b_state, use E2B_API_KEY, and call the e2b-desktop SDK to control the VM. They also expose sandbox screenshots, stream URLs and (when requested) stream auth keys, and provide a run_command.sh that executes arbitrary shell commands inside the sandbox. Those behaviors are expected for a desktop-control skill but raise data-exfiltration risk (screenshots/streams/printed auth keys) which the SKILL.md demonstrates by sending screenshots to an LLM in an example.
Install Mechanism
No install spec is included (instruction-only); the SKILL.md asks users to 'pip install e2b-desktop'. The skill itself does not download arbitrary code or use obscure URLs. Risk depends on the external 'e2b-desktop' package provenance (not included here).
Credentials
The scripts require E2B_API_KEY (and may use E2B_SANDBOX_ID / ~/.e2b_state), but the registry metadata declares no required env vars or primary credential. Requiring a service API key is proportionate to the purpose, but the missing declaration is a transparency problem. Also, the skill prints stream auth keys and URLs (sensitive) to stdout which could be captured by whatever calls these scripts.
Persistence & Privilege
always is false and the skill writes only its own state file (~/.e2b_state). It does not request permanent platform-wide privileges or modify other skills. Note: because disable-model-invocation is false (normal default), an agent allowed to invoke skills autonomously could use this skill to run commands in sandboxes and start streams; combine that with the other concerns when granting autonomous permissions.
What to consider before installing
This skill appears to implement the advertised sandbox control functions, but check these before installing:
- Verify the publisher/source and the 'e2b-desktop' Python package on PyPI (or the expected distribution) — the repo/homepage is missing in the metadata.
- Provide an API key (E2B_API_KEY) with minimal privileges and rotate it if you later remove the skill; the registry metadata failing to declare it is an oversight.
- Be cautious about screenshots, VNC stream URLs, and printed AUTH_KEY values — these are sensitive and could leak data if logged or sent to external services (e.g., the example that sends screenshots to an LLM).
- Review who/what can call the scripts (especially run_command.sh) — they allow arbitrary command execution inside the sandbox; ensure the sandboxing/isolation meets your threat model.
- If you plan to allow autonomous agent invocation, limit that agent's permissions and monitor for unexpected stream starts or state changes.
If you want a stronger assurance, ask the publisher for an official homepage/repo and a signed release of the 'e2b-desktop' SDK or provide the SDK source for review.Like a lobster shell, security has layers — review code before you run it.
latestvk9766ndvpcsf7ftfw7fd2tj6as822j3h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.