Honestly, I wouldn’t even trust them. If the malware’s goal is to get into your local network it will have achieved that on a virtual machine. And as far as I know there have also been ways to break out of a virtual machine. Probably fixed by now, but who knows what else lurks there.