Security Risks of KDE Plugins/Themes?

I have my eyes on a few KDE plugins, themes, add-ons. Before I compromise my system, security experts please chime in:

I imagine add-ons need to be installed in dom0?

Where/what could an add on like this compromise:

Firefox addon for kwallet KDE4

Or this:


How is QuickWebShortcuts going to work when dom0 has no network connectivity?

kwallet seems sketchy.

I believe KeePassXC is the de facto password manager for most Qubes and Linux users.

Not sure. But damn… would it speed up my workflow if I can make it work.

Could it be done using this:

Or possibly wire it up to work inside an appVM?
(Would that have to be a standalone to do that?)

Actually, it’s much easier than that.

I just realized that qvm-run essentially allows you to run commands from dom0 in any VM. It’s not just for starting apps. For example, in dom0 (or Krunner), you can use:

qvm-run <appVM> 'touch hello.txt'  

and it will create a document called hello.txt in the home directory of <appVM>. It’s the same as opening a terminal in <appVM> and typing ‘touch hello.txt’

So… just use:

qvm-run <appVM> 'open'

and <appVM> will start and the default browser for <appVM> will open and go to duckduckgo. :slight_smile:


I was going to write a bunch of scripts that take inputs (like a web search), and opens the url with the search param replaced in the URL, but I can’t figure out how to get it to trigger using a Krunner 2 or 3 letter abbreviation?

That shouldn’t be too hard. Just concatenate your search term input at the end of

and the search results will open in the browser.

You could have the VM name and search term as inputs to route searches to different VMs. Maybe post something here if you get something running?


Maybe there is a hotkey or shortcut plugin for Krunner?

So far hotkeying it should be pretty easy to do with a custom shortcut. If you know of a way to wire it up to Krunner with a 2 letter abbreviation let me know. Maybe there’s a Krunner plugin for scripts. With the ability to set text abbreviation triggers?

1 Like