Container Gaming — Podman, Distrobox, Flatpak, Sunshine

Security checks across malware telemetry and agentic risk

Overview

This Linux gaming skill is mostly coherent, but it includes privileged remote install and background network-exposure commands without enough safety guidance.

Review before installing or using this skill. Prefer distro/package-manager installation for Distrobox instead of running a remote script with sudo, use trusted and pinned container images where possible, limit Flatpak/container permissions to the specific app or game, and only expose Sunshine through Tailscale for trusted devices with authentication and ACLs configured. Stop or disable Sunshine/Tailscale serving when remote streaming is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The skill documents a curl-piped-to-shell command that fetches and executes a remote script with sudo privileges. This creates a direct arbitrary-code-execution path if the upstream script, transport, or referenced branch is compromised, and it exceeds a safe documentation pattern because it normalizes unaudited privileged execution.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
The skill includes commands to expose Sunshine services through Tailscale, which expands access beyond the local host into a remotely reachable context. In a gaming/streaming skill this is related to functionality, but publishing control/streaming ports without clear authentication and exposure guidance can unintentionally broaden attack surface.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation presents a risky remote installer command without any warning that it executes internet-fetched code as root. Even if intended for convenience, omission of risk context can mislead users into unsafe behavior and increase the chance of supply-chain compromise or accidental system modification.

Missing User Warnings

Low (78% confidence)
Finding
The flatpak override commands change application permissions, including GPU device and Wayland socket access, without noting the resulting trust and isolation tradeoffs. These are common gaming tweaks, but documenting them without caveats can weaken sandbox expectations and expose host resources more broadly than users realize.

VirusTotal

66/66 vendors flagged this skill as clean.
