Devbox

Security checks across malware telemetry and agentic risk

Overview

Devbox is a coherent Docker dev-environment helper, but it under-discloses some risky local-development behavior, especially remote script execution for Bun projects and exposed default database credentials.

Review the generated docker-compose.dev.yml before running it. Avoid the Bun mode unless you accept the remote installer trust boundary, change default database and MinIO credentials before any shared or network-accessible use, check exposed ports and env_file mounts, and stop/remove containers and Docker volumes when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Low
Confidence
94% confidence
Finding
The README instructs users to generate `docker-compose.dev.yml` and run `docker compose ... up -d` without clearly warning that this will create files and start one or more containers, potentially including database services. In a developer-tool skill this behavior is expected, but the lack of an explicit side-effect warning can still lead to users starting services or altering the project workspace without fully understanding the consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The database example compose files include hardcoded usernames and passwords such as devbox/devbox and expose the services on host ports, but the document does not clearly warn that these values are only appropriate for disposable local development. In practice, users often copy templates into broader environments, so these defaults can lead to trivial unauthorized access if reused or if the ports are reachable from other machines.

External Script Fetching

High
Category
Supply Chain
Content
case "$pkg_mgr" in
  pnpm) install_cmd="npm install -g pnpm && pnpm install --no-frozen-lockfile" ;;
  yarn) install_cmd="npm install -g yarn && yarn install" ;;
  bun)  install_cmd="curl -fsSL https://bun.sh/install | bash && export BUN_INSTALL=/root/.bun && export PATH=\$BUN_INSTALL/bin:\$PATH && bun install" ;;
  *)    install_cmd="npm install" ;;
esac
Confidence
97% confidence
Finding
curl -fsSL https://bun.sh/install | bash

External Script Fetching

High
Category
Supply Chain
Content
case "$pkg_mgr" in
  pnpm) install_cmd="npm install -g pnpm && pnpm install --no-frozen-lockfile" ;;
  yarn) install_cmd="npm install -g yarn && yarn install" ;;
  bun)  install_cmd="curl -fsSL https://bun.sh/install | bash && export BUN_INSTALL=/root/.bun && export PATH=\$BUN_INSTALL/bin:\$PATH && bun install" ;;
  *)    install_cmd="npm install" ;;
esac
echo "    command: >" >> "$COMPOSE_FILE"
Confidence
97% confidence
Finding
curl -fsSL https://bun.sh/install | bash

VirusTotal

64/64 vendors flagged this skill as clean.