Skills
skills/openclaw/skills/desktop-sandbox/Gen Agent Trust Hub

desktop-sandbox

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads binary installer files (.exe for Windows, .pkg for macOS) from the 'AtlasCore-tech/desktop-sandbox-openclaw' GitHub repository. While the repository is related to the skill's stated purpose, it is not a verified or well-known trusted organization.
  • [COMMAND_EXECUTION]: On Windows, the script executes a PowerShell command to run the installer with administrative privileges (/S /D=C:\Program Files\) and a hidden window style. On macOS, it uses pkgutil to query system package information and open -W to execute the installer.
  • [REMOTE_CODE_EXECUTION]: By downloading and automatically executing arbitrary binaries from a remote GitHub release without integrity verification (like checksum or signature validation), the skill facilitates remote code execution of third-party software on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 01:51 PM