Back to skill

Security audit

E2B Sandbox

Security checks across malware telemetry and agentic risk

Overview

This skill coherently provides user-directed E2B cloud sandbox management with disclosed credential, setup, and state-file behavior.

Install this only if you want OpenClaw agents to manage E2B cloud sandboxes. Configure E2B_API_KEY securely, review the MCPorter config change before or after registration, and supervise sandbox commands, public port exposure, snapshots, and dependency installation when working with sensitive projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script automatically modifies the user's global mcporter configuration under the home directory and replaces or creates the e2b-sandbox entry without any prompt, backup, merge safeguards, or validation of existing settings. In a skill that provisions remote sandboxes and writes command definitions, silent config mutation is security-relevant because it can persistently change agent tool behavior and unexpectedly inject environment-backed credentials into future runs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.