Ghosthand-Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Ghosthand-Skill is a coherent instruction-only guide for a local Android-control API, but users should recognize that it can let an agent view and operate phone UI, clipboard, screenshots, and notifications.
This skill appears benign and purpose-aligned for controlling a local Ghosthand Android runtime. Before installing, make sure you trust the Ghosthand runtime itself, review its Android permissions and policy, and give the agent explicit limits for sensitive actions such as purchases, account changes, message sending, or reading private notifications.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill may tap, type, scroll, navigate, or otherwise operate the phone UI.
These routes allow an agent to interact with and navigate an Android device. This is central to the skill's stated purpose, but it is still high-impact control that users should intentionally authorize.
- semantic or coordinate interaction: `/click`, `/tap`, `/input`, `/type`, `/setText`, `/scroll`, `/swipe`, `/longpress`, `/gesture` - app and navigation control: `/back`, `/home`, `/recents`
Use it only with a trusted Ghosthand runtime and give the agent clear boundaries; require user confirmation for purchases, account changes, destructive actions, or public posting.
If Ghosthand has broad Android permissions, the agent may inherit practical ability to observe or control sensitive device surfaces.
The skill explicitly relies on delegated Android permissions and Ghosthand policy. That is purpose-aligned, but users should understand that Android authorization can expose privileged device functions.
A capability is usable only when both are true: - Android/system authorization exists - Ghosthand policy allows the capability
Review Ghosthand's Android permissions and policy settings before use, and grant only the capabilities needed for the task.
The agent may see private on-screen content, copied secrets, messages, or notifications while operating the device.
The local API can expose screenshots, clipboard contents, and notifications through the agent/runtime boundary. This is expected for Android automation, but the data may be sensitive.
`GET /screenshot` / `POST /screenshot` — screenshot retrieval when visual truth is needed; ... `GET /clipboard` / `POST /clipboard` — clipboard read/write `GET /notify` / `POST /notify` / `DELETE /notify` — notification read/post/cancel
Avoid using the skill while unrelated sensitive content is visible or in the clipboard, and restrict Ghosthand access to trusted local agents.
This review covers the skill instructions, not the provenance or implementation of the external Ghosthand Android runtime.
The skill package does not identify an upstream source or homepage. Because the actual Ghosthand runtime is not included in this instruction-only skill, users should verify that runtime separately.
Source: unknown Homepage: none
Install or run Ghosthand only from a trusted source and review its own permissions, policy, and network exposure.