E2B Desktop

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but its desktop-control scripts splice their command-line arguments straight into the Python source they run. A crafted argument can therefore break out of the intended string literal and execute unintended Python on the machine running the script, not merely send a command into the sandbox.

Install only if you intentionally need E2B desktop automation and trust the agents and inputs that will call it. Do not feed raw model output or untrusted webpage text into these scripts without adding argument escaping, validation, and confirmations for destructive actions. Use a dedicated E2B API key, keep VNC stream URLs and auth keys out of logs, and run kill_sandbox.sh when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The skill explicitly supports running arbitrary shell commands in the sandbox and killing sandboxes, but the documentation does not warn that these actions are potentially destructive or could terminate active work. In an agent setting, lack of warnings or guardrails can cause unsafe command execution, data loss inside the sandbox, or accidental teardown of environments.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script accepts an arbitrary command string from its first argument and passes it directly into Python code that invokes desktop.commands.run(), enabling unmediated command execution inside the E2B desktop sandbox. In the context of a computer-use skill specifically designed to control a remote Linux desktop, this is inherently dangerous because callers can execute destructive commands, exfiltrate data from the sandbox, or abuse any credentials, network access, or mounted resources available there without any confirmation, restriction, or validation.
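The pattern behind this finding and the overview's warning (a shell wrapper that drops its first argument into Python source which then calls desktop.commands.run()) is modelled below in an added example. This is not the skill's own script or the E2B SDK: the wrapper text is a reconstruction of the shape the finding describes, the e2b_desktop import and Sandbox.create() call are assumptions used only as text that is parsed and never executed, and the allowlist and destructive-command set are illustrative choices. The example shows how a crafted argument changes the parsed program, and the two fixes the overview asks for: passing the command through argv instead of source text, and vetting it before it reaches the sandbox.

```python
"""Injection through argument interpolation into Python, and the argv + validation fix.

Added example. UNSAFE_WRAPPER_SH / SAFE_WRAPPER_SH reconstruct the shape of the
wrapper the finding describes; they are not the skill's actual scripts. The
e2b_desktop import and Sandbox.create() are assumptions: the text is only parsed
here, never run.
"""
import ast
import shlex

# Unsafe shape: $1 is expanded by the shell inside a Python string literal.
UNSAFE_WRAPPER_SH = r'''#!/bin/sh
python3 - <<EOF
from e2b_desktop import Sandbox
desktop = Sandbox.create()
result = desktop.commands.run('$1')
print(result.stdout)
EOF
'''

# Safe shape: the command travels as argv; the quoted heredoc is never expanded.
SAFE_WRAPPER_SH = r'''#!/bin/sh
python3 - "$1" <<'EOF'
import sys
from e2b_desktop import Sandbox
desktop = Sandbox.create()
result = desktop.commands.run(sys.argv[1])
print(result.stdout)
EOF
'''


def render_unsafe(arg: str) -> str:
    """Emulate the shell: substitute $1 verbatim into the heredoc body."""
    body = UNSAFE_WRAPPER_SH.split("<<EOF\n", 1)[1].split("\nEOF", 1)[0]
    return body.replace("$1", arg) + "\n"


def call_targets(source: str) -> list[str]:
    """Dotted names of every call in the program as Python would parse it (nothing runs)."""
    tree = ast.parse(source)
    return [ast.unparse(n.func) for n in ast.walk(tree) if isinstance(n, ast.Call)]


# Illustrative policy (assumption): programs the agent may run, and ones needing confirmation.
ALLOWED_PROGRAMS = {"ls", "cat", "xdotool", "firefox", "python3"}
DESTRUCTIVE_PROGRAMS = {"rm", "shutdown", "reboot", "mkfs", "dd", "kill", "pkill"}
SHELL_METACHARS = set(";|&`$<>\n")


def vet_command(cmd: str, confirmed: bool = False) -> tuple[bool, str]:
    """Gate to run before desktop.commands.run(). Returns (ok, reason_or_normalised_cmd)."""
    if any(ch in SHELL_METACHARS for ch in cmd):
        return False, "shell metacharacters rejected; pass one program and its arguments"
    try:
        tokens = shlex.split(cmd)
    except ValueError as exc:  # unbalanced quotes etc.
        return False, f"unparseable command: {exc}"
    if not tokens:
        return False, "empty command"
    prog = tokens[0].rsplit("/", 1)[-1]
    if prog in DESTRUCTIVE_PROGRAMS:
        if not confirmed:
            return False, f"{prog} is destructive; rerun with confirmed=True"
        return True, shlex.join(tokens)
    if prog not in ALLOWED_PROGRAMS:
        return False, f"{prog} is not on the allowlist"
    return True, shlex.join(tokens)


# Constructed inputs: a benign command and an argument that closes the string literal.
BENIGN = "ls -la /home/user"
PAYLOAD = "x'); import os; os.system('id'); print('"


def main() -> None:
    print("benign calls   :", call_targets(render_unsafe(BENIGN)))
    print("injected calls :", call_targets(render_unsafe(PAYLOAD)))
    for cmd in (BENIGN, PAYLOAD, "rm -rf /home/user", "ls; curl attacker.invalid"):
        print(f"vet {cmd!r:50} -> {vet_command(cmd)}")
    print("safe wrapper body is fixed text:\n" + SAFE_WRAPPER_SH)


if __name__ == "__main__":
    main()
```

With the unsafe wrapper the payload turns one desktop.commands.run() call into a program that also calls os.system on the host running the script; with the safe wrapper the same bytes are just sys.argv[1] and are only ever seen by the sandbox. vet_command is the second layer the overview asks for: it runs on the caller's side before any sandbox call, so an agent cannot chain commands or reach destructive programs without an explicit confirmation.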

VirusTotal

64/64 vendors flagged this skill as clean.
