vm0-computer

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly sets up a local HTTP/WebSocket proxy that gives sandboxed code direct WebDAV and CDP access to the user's local filesystem (including read, write, delete and recursive listing) using an auth token—functionality that enables easy data exfiltration, credential theft, and remote file manipulation and can be abused as a backdoor to compromise the host.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to write and run a local proxy process and to read, write, move, and delete arbitrary files on the user's machine via WebDAV, which directly modifies host state and can compromise the machine.