Back to skill

Security audit

Adb Claw

Security checks across malware telemetry and agentic risk

Overview

This appears to be an Android device-control skill, but its device-wide and privacy-sensitive powers need clearer activation and consent boundaries.

Install only if you intend to let an agent operate a connected Android device. Require explicit confirmation before screenshots, audio capture, UI monitoring, shell commands, file transfer, app install/uninstall, data clearing, or long-running monitoring, and avoid unattended use on a personal device with sensitive apps or accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger list is broad and likely to auto-activate this skill for many generic Android-related requests, including ones involving screenshots, monitoring, shell access, app management, and audio capture. In an agent setting, overbroad invocation increases the chance that high-privilege device-control capabilities are used without sufficiently explicit user intent or safety gating.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises sensitive capabilities including screenshots, live UI text monitoring, system audio capture, shell execution, file transfer, app lifecycle control, and device manipulation, but the early-facing description does not consistently require user warnings or consent before privacy- or integrity-impacting actions. In context, this is more dangerous because the skill is designed for autonomous agent use and exposes capabilities that can access highly sensitive personal device data or alter device state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.