Code Plugin (source linked)
Dexbox Desktop Control v1.1.0
Create, control, and manage multiple Windows VMs and RDP desktops from your agent. Take screenshots, click, type, scroll, run PowerShell commands, and manage desktop lifecycle -- all through 12 tools powered by dexbox. Requires the dexbox binary (see https://github.com/getnenai/dexbox#quick-start for install instructions) and a running dexbox server.
Community code plugin. Review compatibility and verification before install.
Install command: openclaw plugins install clawhub:@nen/dexbox
Latest release: v1.1.0
Capabilities
- Tags
- configSchema: Yes
- Executes code: Yes
- HTTP routes: 0
- Runtime ID: @nen/dexbox
Compatibility
- Built With Open Claw Version: 2026.4.2
- Min Gateway Version: 2026.4.2
- Plugin Api Range: >=2026.4.2
- Plugin Sdk Version: 2026.4.2
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (remote/control Windows VMs via a local dexbox server) matches the code and tools. However, registry metadata lists no required binaries while the SKILL.md declares a required 'dexbox' binary and provides an install command — a mismatch between declared requirements and runtime instructions.
Instruction Scope
SKILL.md instructs only dexbox-related actions (start, up, screenshots, PowerShell via 'bash'), which is within expected scope. However it also includes an inline install instruction that pipes a GitHub-hosted script to sh, and the doc's claim that "all data stays between this plugin and the dexbox server on your machine" is only true if the configured baseUrl is local; the plugin allows changing baseUrl, which could cause data (screenshots, RDP passwords, command output) to be sent to an arbitrary server.
Install Mechanism
The recommended install method in SKILL.md uses curl -sSfL https://raw.githubusercontent.com/.../install.sh | sh. Piping a remote script directly to the shell is high-risk because arbitrary code is fetched and executed; although the URL is GitHub raw (better than a random IP/shortener), it's still an unreviewed script executed at install time.
Credentials
The skill declares no required environment variables or credentials in the registry. It does accept sensitive inputs (RDP passwords) which are posted to the configured dexbox server as part of create_desktop. That is appropriate for the described feature, but because the plugin's baseUrl is configurable, supplying credentials while the baseUrl is pointed to a non-local host would result in credential transmission to that host.
Persistence & Privilege
The plugin does not request always:true or any special persistent privileges and does not modify other skills. It can be invoked autonomously (platform default) — note that autonomous invocation plus the ability to control VMs and run PowerShell is powerful and should be allowed only if you trust the skill and configuration.
Scan Findings in Context
[curl_pipe_sh] expected: SKILL.md includes 'curl -sSfL https://raw.githubusercontent.com/getnenai/dexbox/main/install.sh | sh' as an install option. This installs the dexbox binary (expected for purpose) but is a high-risk install pattern (remote script executed locally).
[transmit_credentials_to_server] expected: create_desktop accepts 'password' and posts it to the dexbox server. Sending credentials to the dexbox server is required for RDP registration, but it means credentials will be transmitted to whatever baseUrl is configured.
[configurable_base_url] expected: openclaw.plugin.json exposes a baseUrl config (default http://localhost:8600). This is necessary to point to your dexbox server, but a non-local baseUrl would cause all interactions (screenshots, commands, credentials) to be routed off-host.
What to consider before installing
This plugin appears to do what it says (control Windows VMs via a dexbox server), but take these precautions before installing or enabling it:
- Review the install script before running it. Curl|sh from raw GitHub executes code on your machine; inspect the script or prefer a packaged release.
- Keep the plugin's baseUrl set to a local, trusted host (e.g., http://localhost:8600). Do not change it to a remote server you don't control; otherwise screenshots, PowerShell outputs, and RDP passwords will be transmitted to that server.
- Be aware that create_desktop requires RDP credentials; only provide secrets if you trust the dexbox server host.
- Because the skill can autonomously invoke tools that click, type, and run PowerShell, only enable autonomous use if you trust the skill and limit who/what can call it.
- If you need higher assurance, request the upstream project's release artifacts or a signed installer and perform an audit of the install.sh script and the dexbox server implementation.
Verification
- Tier: source linked
- Scope: artifact only
- Summary: Validated package structure and linked the release to source metadata.
- Commit: fe39bd8af12b
- Tag: fe39bd8af12b1a0bba7d44f95823c1418cfe6c14
- Provenance: No
- Scan status: pending
Tags
- latest
- 1.1.0
