parallels-vm

SUSPICIOUS: the skill’s VM automation purpose matches its Parallels/guest-control capabilities, but it combines software installation from website/local HTTP artifacts with forwarding real API credentials into guest-installed OpenClaw flows. That is proportionate for release verification, yet it creates material supply-chain and credential-exposure risk, especially because the installed CLI/artifacts are not fully verifiable from the skill text alone.

This script itself is not overtly malicious: it is a convenience wrapper that downloads and runs a remote installer inside a VM. However, it presents a significant supply-chain risk because it fetches and executes an external installer (defaulting to https://openclaw.ai/install.sh) without any verification. The highest-risk action is remote code execution inside the guest driven by network content and user-supplied options. If the installer or the download mechanism is compromised, arbitrary code could be executed in the VM. Recommend adding integrity verification (signatures or checksums), restricting trusted install URLs, and auditing the installer and prl-linux-lib.sh contents before use.

The fragment constitutes high-risk operational guidance rather than malicious payload. While it does not contain active malware, its privileged paths (daemon installs, onboarding, gateway probes) require rigorous access control, integrity checks, and scoping to prevent misuse or unintended persistence in supply-chain deployments. Treat as high-risk guidance when repurposed into executable code or package workflows; enforce least privilege, validation, and auditing.