Back to skill

Security audit

Ghosthand-Skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Ghosthand guide for a local Android control runtime, with sensitive capabilities disclosed and purpose-aligned but worth using carefully.

Install only if you trust the separate Ghosthand Android runtime. Keep Ghosthand permissions and policy narrow, avoid running it while unrelated sensitive content is visible or copied, and require explicit confirmation before purchases, account changes, message sending, deletions, or public posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly includes `/clipboard` as a usable sensing/transport primitive but provides no privacy boundary, consent requirement, or minimization guidance. Because clipboard contents often contain passwords, OTP codes, addresses, and other secrets, normalizing clipboard reads in an agent skill increases the risk of unnecessary collection or disclosure of sensitive user data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill authorizes use of `/notify` to read or post notifications but does not warn that notifications may expose private messages, OTPs, account alerts, and other personal information from multiple apps. In an agent-control context, omission of consent and data-handling limits can lead to overcollection or accidental disclosure of highly sensitive information.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The screenshot guidance encourages visual capture for truth verification but omits any warning that screenshots can capture passwords, financial data, health information, messages, and other sensitive on-screen content. Since screenshots provide broad, high-fidelity collection beyond the immediate target element, lack of privacy constraints materially raises data-exposure risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The reference explicitly documents clipboard read/write and notification read/post/cancel capabilities without any privacy warning, consent guidance, or mention of sensitive-data handling. In an agent skill that controls a local Android runtime, these routes can expose or manipulate user secrets, messages, OTP codes, and other sensitive content, so omission of guardrails materially increases the chance of unsafe use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.