The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads installation and update scripts from the openclaw.ai domain to both the host and guest VMs.\n- [REMOTE_CODE_EXECUTION]: Downloaded scripts from openclaw.ai are executed to manage software installations, which constitutes remote code execution from a non-whitelisted source.\n- [COMMAND_EXECUTION]: The skill extensively uses the prlctl utility to execute arbitrary commands and scripts inside macOS, Linux, and Windows guest operating systems.\n- [COMMAND_EXECUTION]: PowerShell scripts are dynamically constructed and executed via the -EncodedCommand flag, which uses Base64 to hide the script content from simple string matching.\n- [COMMAND_EXECUTION]: Node.js is utilized to run dynamic code strings through the -e flag and Function constructors to process data returned from VMs.\n- [DATA_EXFILTRATION]: Host environment variables, including sensitive API keys like OPENAI_API_KEY, are read and seeded into guest VM configuration files, moving secrets across security boundaries.\n- [COMMAND_EXECUTION]: The skill processes untrusted output from guest VMs (Ingestion: prlctl output in scripts/prl-linux-gateway-status-version.sh) without boundary markers. It uses this data in capability-rich environments like Node.js parsing logic with minimal sanitization, creating an indirect prompt injection surface.

parallels-vm