ClawHub

Claw Use Android

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide powerful Android phone control, but it includes under-scoped flows for sideloading apps, granting broad permissions, storing an unlock PIN, and automating unrelated third-party app activity.

Install only if you intentionally want an agent to have broad control over an Android device. Do not use the APK sideloading, auto-unlock, SMS/contacts/location/camera/microphone, file deletion/write, or blanket permission flows without explicit human approval and a trusted target app/source. Treat any stored device PIN as a high-value secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This flow automates downloading an APK over LAN via insecure HTTP, explicitly bypasses browser safety warnings ('保留'), and proceeds through package installation dialogs. In a skill with no declared legitimate software-deployment purpose, this creates a strong capability for silent sideloading of untrusted software onto the device.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The flow navigates to app settings and instructs the agent to authorize all permissions for an arbitrary target app. Bulk permission granting is dangerous because it can enable access to sensitive data and device capabilities without contextual need or user consent, especially when the skill has no defined purpose justifying this behavior.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The Duolingo section automates lesson progression and answer selection, including a loop for continuous course completion. While not directly enabling device compromise, it is unrelated to any declared skill purpose and facilitates unauthorized automation of third-party app interactions, which can violate platform rules and user expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section documents access to highly sensitive device capabilities including clipboard, camera, contacts, SMS, location, and arbitrary file read/write/delete, but does not pair them with explicit user-consent, least-privilege, or data-handling warnings. In a phone-control skill, these capabilities materially increase the risk of privacy breach, data exfiltration, fraud, or destructive actions if an agent is misused or prompted unsafely.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs operators to store the device PIN and enable automatic unlock, which turns the system into a credential-retaining remote control channel for unlocking a physical device. If the controlling host, config store, or network path is compromised, an attacker could unlock the phone and access everything protected by the lock screen.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill recommends automated granting of a broad set of powerful Android permissions, including location, camera, microphone, SMS, phone, contacts, and calendar, without emphasizing the privacy and abuse implications. Combining broad permissions with remote HTTP control and accessibility automation creates a large attack surface for surveillance, impersonation, and unauthorized data access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The flow guidance tells the agent to prefer direct execution and skip step-by-step reasoning while including sensitive software installation behavior, but provides no requirement for user warning or approval. That combination increases the risk that dangerous installation actions occur automatically and opaquely.

Missing User Warnings

High
Confidence
98% confidence
Finding
This permission flow is designed to grant every permission to a target app without any warning about privacy, security, or system impact. Automatically approving broad permissions can expose contacts, storage, microphone, camera, location, accessibility, or other high-risk capabilities to apps that may not need them.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal