Plugin v1.0.1
ClawScan security
Dexbox Desktop Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 1:16 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with its stated purpose of controlling dexbox-managed Windows VMs/RDP sessions; nothing in the package requests unrelated credentials, external endpoints, or unexplained install steps.
- Guidance: This skill appears coherent with its description, but it grants the agent the ability to send RDP credentials, take screenshots, and run arbitrary PowerShell inside guest VMs, all forwarded to a dexbox server URL (default http://localhost:8600). Before installing: 1) confirm you trust the dexbox binary source (the SKILL.md recommends 'go install' from github.com/getnenai/dexbox); 2) ensure the dexbox server runs locally and is configured not to proxy or leak data externally; 3) avoid registering highly sensitive desktops or reusing production credentials unless you trust the server and repository; and 4) consider auditing the upstream dexbox server code/config to verify how it stores or transmits credentials and screenshots.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual behavior: the plugin calls a local dexbox HTTP server to list/start/stop desktops, take screenshots, send input events, and run PowerShell in guests. The SKILL.md and code both require or suggest installing the dexbox binary (go install github.com/getnenai/dexbox/...), which is appropriate for this functionality.
- Instruction Scope (note): Runtime instructions and the code only interact with a configurable baseUrl (default http://localhost:8600). Tools accept RDP credentials and arbitrary PowerShell commands that are forwarded to the local dexbox server. This is expected for remote desktop control, but it means the agent will handle and transmit sensitive credentials and arbitrary guest-executed commands to the local server.
- Install Mechanism (ok): No opaque downloads in the plugin itself. The SKILL.md recommends installing dexbox via 'go install' from github.com/getnenai/dexbox, which is a common, traceable mechanism. Users should still verify the upstream repository before installing.
- Credentials (ok): The plugin declares no environment variables or unrelated credentials. It does accept an RDP username/password in the create_desktop tool (as required for RDP registration). Those credentials are forwarded to the local dexbox server, which is consistent with the purpose but sensitive, so verify the server's trustworthiness.
- Persistence & Privilege (ok): The skill does not request 'always' presence, does not modify other plugins or system configs, and operates only when invoked. It registers runtime tools normally and does not demand elevated platform privileges.
