Claw Use — Device Control for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears to enable broad remote control of a physical device, including automatic unlock behavior, without enough user-facing safety boundaries.

Review carefully before installing. Use it only if you intentionally want an agent to control a device and potentially see private screen or notification content. Prefer configurations that require explicit approval for unlocking, reading sensitive data, typing, launching apps, opening URLs, and invoking intents; avoid using it on devices with personal accounts or sensitive notifications unless those controls exist.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium, 89% confidence
Finding
The skill explicitly documents a broad set of remote device-control capabilities, including reading screen contents, notifications, launching apps, typing text, opening URLs, and issuing platform-specific intents, but it provides no safety constraints, consent requirements, privacy warnings, or usage boundaries. In the context of an AI agent skill, this materially increases the risk of unauthorized surveillance, impersonation, data exposure, and harmful real-world actions because an agent is given powerful actions over a physical device with little guidance on safe use.

Natural-Language Policy Violations

High, 97% confidence
Finding
The statement that locked devices 'auto-unlock before any command' normalizes bypassing the device's lock state as a transparent background behavior rather than a separately authorized, security-sensitive action. That is dangerous because the lock screen is a primary trust boundary protecting physical-device data and actions; automatic unlocking enables an agent or attacker with API access to access private content and execute commands without an explicit user presence or approval step.

VirusTotal

66/66 vendors flagged this skill as clean.
