← 返回 Skills 市场
0xfratex

Virtual Box Manager

作者 0xFratex · GitHub ↗ · v0.0.1
cross-platform ⚠ suspicious
780
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install virtualboxmanager
功能描述
Control and manage VirtualBox virtual machines directly from openclaw. Start, stop, snapshot, clone, configure and monitor VMs using VBoxManage CLI. Supports...
安全使用建议
This skill appears to do what it claims: it runs VBoxManage commands to manage VMs and does not request unrelated secrets or installs. Before installing, ensure VBoxManage/VirtualBox is installed and that you run the skill under an account with only the necessary local privileges. Be cautious with inputs you provide to the skill (VM names, paths, descriptions, ports) because the helper uses shell execution (child_process.exec) and could be vulnerable to command injection if given untrusted strings—avoid passing untrusted or unsanitized input. Note also an optional VBOXMANAGE_PATH environment variable can override the binary path; if you want to lock behavior, set or audit that environment variable. If you need stronger guarantees, review the scripts/virtualbox-utils.ts code or run the skill in a restricted environment.
功能分析
Type: OpenClaw Skill Name: virtualboxmanager Version: 0.0.1 The skill bundle is classified as suspicious due to a critical shell injection vulnerability in `scripts/virtualbox-utils.ts`. The `vboxCommand` function directly interpolates user-controlled arguments into `child_process.exec` calls without proper sanitization or escaping. This flaw allows an attacker to inject arbitrary shell commands, potentially leading to remote code execution on the host system where the OpenClaw agent is running. While this is a severe vulnerability, there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoor installation) within the provided code, aligning it with a 'suspicious' classification rather than 'malicious'.
能力评估
Purpose & Capability
Name/description, SKILL.md, and the included helper script all focus on driving the VBoxManage CLI and VM lifecycle. The only required binary listed is VBoxManage, which is appropriate and expected for this functionality.
Instruction Scope
Instructions and the helper code issue many shell commands via child_process.exec to run VBoxManage. That is necessary for this skill, but executing commands built from user-provided values can allow shell injection if callers pass untrusted input. The SKILL.md and code do not show explicit input sanitization—exercise caution when supplying arbitrary strings (paths, VM names, descriptions, ports, etc.).
Install Mechanism
No install spec is provided (instruction-only skill with a helper script). Nothing is downloaded or written to disk by an installer, which keeps install risk low.
Credentials
The skill declares no required environment variables but the code checks process.env.VBOXMANAGE_PATH as an optional override for the VBoxManage binary. This is reasonable, but the environment variable is not listed in the metadata; users should be aware an env override exists.
Persistence & Privilege
always is false and there are no requested config paths or credentials. The skill does not request persistent elevated privileges or modify other skills' configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install virtualboxmanager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /virtualboxmanager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Control and manage VirtualBox virtual machines directly from openclaw. Supports full lifecycle management including VM creation, network configuration, shared folders, and performance monitoring.
元数据
Slug virtualboxmanager
版本 0.0.1
许可证
累计安装 3
当前安装数 3
历史版本数 1
常见问题

Virtual Box Manager 是什么?

Control and manage VirtualBox virtual machines directly from openclaw. Start, stop, snapshot, clone, configure and monitor VMs using VBoxManage CLI. Supports... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 780 次。

如何安装 Virtual Box Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install virtualboxmanager」即可一键安装,无需额外配置。

Virtual Box Manager 是免费的吗?

是的,Virtual Box Manager 完全免费(开源免费),可自由下载、安装和使用。

Virtual Box Manager 支持哪些平台?

Virtual Box Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Virtual Box Manager?

由 0xFratex(@0xfratex)开发并维护,当前版本 v0.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论