Security scan
OpenClaw
Suspicious
Medium confidence. The skill's code largely matches its stated purpose (controlling sandboxed desktops), but there are inconsistencies and data-exposure risks you should understand before installing.
Assessment recommendations
This skill appears to implement the advertised sandbox control functions, but check these before installing:
- Verify the publisher/source and the 'e2b-desktop' Python package on PyPI (or the expected distribution) — the repo/homepage is missing in the metadata.
- Provide an API key (E2B_API_KEY) with minimal privileges and rotate it if you later remove the skill; the registry metadata failing to declare it is an oversight.
- Be cautious about screenshots, VNC stream URLs, and printed AUTH_KEY ...
ℹ Purpose and capabilities
Name and description match the included scripts and SDK usage: the scripts provide mouse/keyboard control, screenshots, command execution, and VNC streaming as advertised. However, the registry metadata lists no required environment variables, while the SKILL.md and every script require an E2B_API_KEY (and optionally E2B_SANDBOX_ID). That metadata omission is an inconsistency that could mislead reviewers or automation that grants credentials based on the declared requirements.
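The metadata gap above is easy to catch mechanically: extract the environment variables each bundled script actually reads and diff them against what the registry metadata declares. The audit below is an added example, not the registry scanner's or the skill's own code; the sample scripts and the empty declared-env set are constructed to mirror the inconsistency the scan reports (scripts need E2B_API_KEY, metadata declares nothing) and are not the real skill files.

```python
"""Audit a skill bundle: env vars its scripts read vs. env vars its metadata declares.

Added example, not part of the skill or the registry scanner. The scripts and
metadata below are constructed stand-ins, not the real e2b-desktop skill files.
"""
import re

# Env-var reads in shell ($NAME, ${NAME:?...}, ${NAME:-...}) and in Python
# (os.environ["NAME"], os.environ.get("NAME"), os.getenv("NAME")).
SHELL_ENV = re.compile(r'\$\{?([A-Z][A-Z0-9_]*)\}?')
PY_ENV = re.compile(
    r'os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*["\']([A-Z][A-Z0-9_]*)["\']'
)
# Variables the shell script assigns itself are locals, not required env vars.
SHELL_ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=', re.M)
# Shell/OS builtins that are not credentials the skill needs from its caller.
IGNORE = {"HOME", "PATH", "PWD", "USER", "SHELL", "TMPDIR"}


def env_vars_used(script: str) -> set[str]:
    """Names the script reads from its environment (shell or Python)."""
    read = set(SHELL_ENV.findall(script)) | set(PY_ENV.findall(script))
    assigned = set(SHELL_ASSIGN.findall(script))
    return read - assigned - IGNORE


def audit(scripts: dict[str, str], declared: set[str]) -> dict[str, set[str]]:
    """Map each script to the env vars it reads that the metadata does not declare."""
    findings: dict[str, set[str]] = {}
    for name, body in scripts.items():
        missing = env_vars_used(body) - declared
        if missing:
            findings[name] = missing
    return findings


# Constructed sample bundle modelled on the scan's description (not the real files).
SCRIPTS = {
    "screenshot.sh": (
        '#!/bin/sh\n'
        ': "${E2B_API_KEY:?set E2B_API_KEY}"\n'
        'SANDBOX_ID="${E2B_SANDBOX_ID:-$(cat "$HOME/.e2b_state")}"\n'
        'python3 screenshot.py "$SANDBOX_ID"\n'
    ),
    "screenshot.py": 'import os, sys\nkey = os.environ["E2B_API_KEY"]\nsid = sys.argv[1]\n',
    "run_command.sh": '#!/bin/sh\n: "${E2B_API_KEY:?}"\nexec python3 run.py "$@"\n',
}
# What the registry metadata lists as required env vars: nothing.
DECLARED_ENV: set[str] = set()

if __name__ == "__main__":
    for script, missing in sorted(audit(SCRIPTS, DECLARED_ENV).items()):
        print(f"{script}: reads undeclared env var(s) {sorted(missing)}")
```

Run against a real bundle by loading each script file into the `SCRIPTS` dict and the metadata's declared list into `DECLARED_ENV`; any non-empty result is the same class of finding the scan flags here.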
ℹ Instruction scope
Runtime instructions and scripts stay within the sandbox domain: they read/write ~/.e2b_state, use E2B_API_KEY, and call the e2b-desktop SDK to control the VM. They also expose sandbox screenshots, stream URLs and (when requested) stream auth keys, and provide a run_command.sh that executes arbitrary shell commands inside the sandbox. Those behaviors are expected for a desktop-control skill but raise data-exfiltration risk (screenshots, streams, printed auth keys), a flow the SKILL.md itself demonstrates in an example that sends screenshots to an LLM.
✓ Install mechanism
No install spec is included (instruction-only); the SKILL.md asks users to 'pip install e2b-desktop'. The skill itself does not download arbitrary code or use obscure URLs. Risk depends on the external 'e2b-desktop' package provenance (not included here).
⚠ Credential requirements
The scripts require E2B_API_KEY (and may use E2B_SANDBOX_ID / ~/.e2b_state), but the registry metadata declares no required env vars or primary credential. Requiring a service API key is proportionate to the purpose, but the missing declaration is a transparency problem. Also, the skill prints stream auth keys and URLs (sensitive) to stdout, where they can be captured by whatever calls these scripts, including agent transcripts and logs.
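If you keep the skill, put a redaction step between the scripts' stdout and anything that stores or forwards it (agent transcripts, logs, the LLM call in the SKILL.md example). The filter below is an added example, not the skill's own code. It assumes two output shapes that are not confirmed by the page: an AUTH_KEY=... line and an auth_key query parameter on the stream URL; adapt the patterns to whatever the scripts actually print.

```python
"""Redact stream auth keys and API keys from a skill's stdout before it is logged
or sent to a model. Added example; the output format is assumed, not taken from
the e2b-desktop skill's real scripts."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters whose values are credentials (assumed names).
SECRET_PARAMS = {"auth_key", "authkey", "token", "key", "api_key"}
# Lines of the form AUTH_KEY=..., E2B_API_KEY: ..., TOKEN=... (assumed shapes).
KV_LINE = re.compile(
    r'^(\s*(?:export\s+)?(?:AUTH_KEY|E2B_API_KEY|TOKEN)\s*[=:]\s*)(\S+)',
    re.IGNORECASE | re.MULTILINE,
)
URL = re.compile(r'https?://[^\s"\'<>]+')


def redact_url(url: str) -> str:
    """Replace secret query-parameter values, keeping the rest of the URL intact."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    query = [
        (k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


def redact(text: str) -> str:
    """Redact credential lines first, then any URL carrying a secret parameter."""
    text = KV_LINE.sub(lambda m: m.group(1) + "REDACTED", text)
    return URL.sub(lambda m: redact_url(m.group(0)), text)


# Constructed sample of what a stream-start script might print (not real output).
SAMPLE = (
    "sandbox: sbx_example\n"
    "stream url: https://stream.example/vnc?sandbox=sbx_example&auth_key=s3cr3t\n"
    "AUTH_KEY=s3cr3t\n"
)

if __name__ == "__main__":
    print(redact(SAMPLE), end="")
```

Wire it in as a pipe (`./stream.sh | python3 redact.py`) or call `redact()` on the captured output in the agent harness; the sandbox ID and the URL host survive, so the operator can still open the stream with the key obtained out of band.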
✓ Persistence and permissions
The always flag is false and the skill writes only its own state file (~/.e2b_state). It does not request permanent platform-wide privileges or modify other skills. Note: because disable-model-invocation is false (the normal default), an agent allowed to invoke skills autonomously could use this skill to run commands in sandboxes and start streams; weigh that together with the other concerns when granting autonomous permissions.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies declared (the SKILL.md itself asks for the e2b-desktop Python package via pip; see the install mechanism note above).
Version
latest v1.0.0 2026/3/1
Initial release: control E2B cloud Linux desktop with shell scripts for screenshot, mouse/keyboard, VNC stream, and shell commands
Install command
Official: npx clawhub@latest install e2b-desktop
Mirror: npx clawhub@latest install e2b-desktop --registry https://cn.longxiaskill.com