orbstack-best-practices
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation identifies the specific path to the SSH private key used by the platform (`~/.orbstack/ssh/id_ed25519`), which is a target for credential exposure.
- [COMMAND_EXECUTION]: The skill details the use of the `mac` utility, which allows for the execution of arbitrary commands on the macOS host from within a Linux VM (e.g., `mac open <url>`, `mac uname -a`), effectively bridging the isolation boundary between the virtual machine and the host system.
- [COMMAND_EXECUTION]: The Cloud-Init example (`user-data.yml`) demonstrates how to provision users with `NOPASSWD:ALL` sudo privileges, which establishes a high-privilege environment that could be abused if the VM processes untrusted data.
- [DATA_EXFILTRATION]: The skill identifies and provides access patterns for the host's macOS filesystem from within the Linux environment (e.g., `/mnt/mac/Users/...`), which allows for broad data access across the host user's directory.
- [COMMAND_EXECUTION]: Extensive patterns are provided for running arbitrary shell commands and scripts within VMs via `orb` and `orb -m <machine> ./script.sh`, which represents a significant command execution surface.
Audit Metadata