Back to skill

Security audit

ClawPhone Phone Control

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill openly enables broad phone control, including reading screens and operating logged-in apps, but it does not set clear approval boundaries for sensitive actions like sending messages.

Install only if you intentionally want an agent to control your phone. Before using it, set explicit rules that it must ask before sending messages, making purchases, deleting data, changing settings, or acting inside logged-in apps, and avoid clipboard-based input for secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.