Security audit
ClawPhone Phone Control
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill openly enables broad phone control, including reading screens and operating logged-in apps, but it does not set clear approval boundaries for sensitive actions like sending messages.
Install only if you intentionally want an agent to control your phone. Before using it, set explicit rules that it must ask before sending messages, making purchases, deleting data, changing settings, or acting inside logged-in apps, and avoid clipboard-based input for secrets.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
