Phone agent
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed phone-automation skill, but it gives an agent broad real-device control and screen-reading ability with only limited guardrails.
Install only if you intentionally want Codex to control an Android device. Prefer an emulator or dedicated test phone with test accounts, keep the backend local and trusted, require explicit confirmation before purchases, posts, deletions, account, privacy, or security changes, and revoke accessibility or overlay permissions when finished.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.