Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VAGUS MCP

v1.0.0

Connect to the user's Android phone via the VAGUS MCP server. Read phone sensors (motion, location, environment), device state (battery, connectivity, screen...

by Embodied Systems (@embodiedsystems-org)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (phone connection, sensors, device actions) matches the instructions: pairing, reading sensor/notification/clipboard resources, and invoking phone actions (haptic, TTS, notify, sms, calendar). Required binary (node) is appropriate. No unrelated credentials or system-level access are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read/write session files (~/.openclaw/vagus-session.json), run node scripts under the skill folder, subscribe to continuous sensor streams, and write focused JSONL captures to disk. These steps are consistent with the claimed purpose but involve reading highly sensitive data (location, notifications, clipboard) and performing potentially impactful actions (send SMS, create calendar events, open URLs). The instructions reference user-granted permissions in the mobile app — ensure the user knowingly enables these.
Install Mechanism
This is an instruction-only skill (no install spec). The README suggests installing by running scripts/install.sh, or by git-cloning https://github.com/vagus-mcp/openclaw-skill and running npm install. Either path pulls third-party code and npm dependencies at install time, and npm install also executes any lifecycle scripts those packages declare. That is a plausible approach but a supply-chain risk unless the repository and packages are verified first.
Credentials
No environment variables or unrelated credentials are requested. The skill does require network access (relay.withvagus.com referenced) and the VAGUS Android app to grant runtime permissions (location, notifications, clipboard, SMS, etc.), which are proportionate to its capabilities but sensitive.
Persistence & Privilege
The skill is not force-included (always:false). However, DAEMON_GUIDE recommends running long-lived baseline and focused daemons that subscribe continuously and write raw sensor files to disk; this persistent behavior increases the blast radius if abused. The skill itself doesn't request platform-level privileges beyond running Node and writing to user-space paths, but persistent background monitoring is functionally powerful.
Assessment
This skill appears to do what it says (connect to an Android phone and read/act on sensors), but it handles very sensitive data and can perform actions on the device (SMS, notifications, clipboard, calendar). Before installing:
1) Verify the upstream repository and homepage (confirm https://withvagus.com and the GitHub repo are legitimate).
2) Inspect scripts/vagus-connect.js and every package listed in package.json before running npm install, since npm install will execute any install-time scripts those packages declare.
3) Only enable the VAGUS app permissions you actually need (e.g. leave SMS and calendar disabled if you do not use them).
4) Be cautious about running the recommended always-on daemons: run them under supervision or in an environment where you control logs and storage, since they write raw sensor captures to disk continuously.
5) Do not share pairing codes or session files (~/.openclaw/vagus-session.json) with untrusted parties.
If you cannot review the remote code or confirm the service, treat this as higher risk and avoid installing.
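A pre-install check for step 2, as an added example (not code from the VAGUS skill, its repository or ClawHub): a Node script that audits a package.json for install-time lifecycle scripts and for dependencies that are not pinned registry versions, then suggests the least permissive install command. The manifest embedded below is a constructed sample, not the skill's real one, and the hook list and spec classification are this script's own assumptions about what npm runs and fetches at install time.

```javascript
// Added example (not from the VAGUS skill or ClawHub): audit a package.json before
// `npm install`. Two things turn an install into unreviewed code execution or an
// unreviewed download: lifecycle scripts npm runs on its own, and dependencies
// resolved from somewhere other than a pinned registry version.

// Lifecycle hooks npm runs automatically during `npm install` / `npm ci` of a project.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Classify a dependency spec: "pinned" (exact version), "floating" (registry range
// such as ^1.2.3 or "latest"), or "non-registry" (git/http URLs, file or link paths,
// tarballs, GitHub "owner/repo" shorthand). The patterns are this example's own.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^(git\+|git:|github:|https?:|file:|link:|\.{0,2}\/)/.test(s) ||
      /\.tgz$/.test(s) || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) {
    return "non-registry";
  }
  if (/^\d+\.\d+\.\d+([-+][\w.-]+)?$/.test(s)) return "pinned";
  return "floating";
}

// Returns a list of findings; empty means nothing install-time is left to review.
function auditPackageJson(pkg, { hasLockfile = false } = {}) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push({ severity: "high", kind: "lifecycle-script", name: hook, detail: scripts[hook] });
    }
  }
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const cls = classifySpec(spec);
      if (cls === "non-registry") {
        findings.push({ severity: "high", kind: "non-registry-dependency", name, detail: spec });
      } else if (cls === "floating") {
        findings.push({ severity: "medium", kind: "floating-version", name, detail: spec });
      }
    }
  }
  if (!hasLockfile) {
    findings.push({ severity: "medium", kind: "no-lockfile", name: "package-lock.json",
                    detail: "resolved versions can differ from what was reviewed" });
  }
  return findings;
}

// Least permissive install command for what was found: `npm ci` needs a lockfile,
// and `--ignore-scripts` stops npm from running any lifecycle script.
function suggestInstallCommand(findings) {
  const hasLockfile = !findings.some((f) => f.kind === "no-lockfile");
  const base = hasLockfile ? "npm ci" : "npm install";
  return findings.some((f) => f.kind === "lifecycle-script") ? `${base} --ignore-scripts` : base;
}

// Constructed sample manifest (not the skill's real package.json).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-phone-skill",
  version: "1.0.0",
  scripts: { postinstall: "node scripts/setup.js", test: "node test.js" },
  dependencies: {
    ws: "^8.0.0",
    "some-helper": "git+https://github.com/example/some-helper.git",
    yaml: "2.3.4",
  },
  devDependencies: { eslint: "latest" },
});

// Audit a real manifest on disk, checking for a lockfile beside it.
function auditFile(path) {
  const fs = require("fs");
  const nodePath = require("path");
  const pkg = JSON.parse(fs.readFileSync(path, "utf8"));
  const hasLockfile = fs.existsSync(nodePath.join(nodePath.dirname(path), "package-lock.json"));
  return auditPackageJson(pkg, { hasLockfile });
}

function report(findings) {
  for (const f of findings) console.log(`[${f.severity}] ${f.kind}: ${f.name} -> ${f.detail}`);
  console.log(`suggested: ${suggestInstallCommand(findings)}`);
}

// Usage: node audit-package.js path/to/package.json   (falls back to the sample)
const target = process.argv.slice(2).find((a) => a.endsWith("package.json"));
report(target ? auditFile(target) : auditPackageJson(JSON.parse(SAMPLE_PACKAGE_JSON)));
```

The top-level manifest cannot show lifecycle scripts inside the dependencies themselves; `--ignore-scripts` suppresses those too, which is what you want for a first review pass, at the cost of native modules not being built until you rerun without the flag after reviewing them.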




Runtime requirements

📱 Clawdis
Bins: node
