ClawHub

adb controller

Security checks across malware telemetry and agentic risk

Overview

This skill is an ADB remote-control helper, but it gives broad device-control authority with unclear target scoping and automatic screenshot handling.

Install only if you are comfortable letting an agent run broad ADB commands on a trusted Android device. Verify the target device before use, review commands that could install apps, delete data, read files, or change settings, and avoid showing sensitive content because screenshots are captured and saved after actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'adb_server' from os.environ.get (line 15, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
if adb_server:
        # If it looks like an IP address/port, attempt to connect first
        if ":" in adb_server:
            subprocess.run(["adb", "connect", adb_server], capture_output=True)
        base_cmd.extend(["-s", adb_server])
        
    cmd = base_cmd + args
Confidence
86% confidence
Finding
subprocess.run(["adb", "connect", adb_server], capture_output=True)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is broad enough to match many generic user requests involving phones, text entry, taps, or actions, which can cause the skill to trigger in situations where the user did not intend direct device control. Because this skill executes ADB commands on a configured device, overbroad routing increases the risk of unintended command execution on a real device.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill automatically captures and sends a screenshot after every action, but that behavior is not disclosed in the top-level description. Screenshots can expose sensitive on-device content such as messages, authentication prompts, personal data, or enterprise apps, so failing to warn users meaningfully increases privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically captures a full device screenshot after every command and stores it on disk under the user's workspace. Screenshots can contain highly sensitive information such as messages, credentials, personal photos, MFA prompts, or enterprise data, and the user is only informed after the capture has already occurred.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal