Skill v1.0.0

ClawScan security

Phone agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 12:25 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions match a phone-automation purpose, but its registry metadata omits required runtime pieces (adb and PHONE_AGENT_ENDPOINT) and the skill asks the agent to control a live device — verify missing declarations and the SDK source before use.
Guidance
This skill appears to do what it says (drive an Android device through a local AutoGLM Phone Agent), but its registry metadata omits important runtime requirements. Before installing or invoking it:
- Treat it as able to perform ANY UI action on a connected device. Use only test devices/accounts and never a personal device with sensitive data.
- The SKILL.md expects adb in PATH and an env var PHONE_AGENT_ENDPOINT pointing at a locally running Phone Agent service—ask the publisher to add these to the declared requirements, or set them manually in a controlled environment.
- Verify the AutoGLM Phone Agent SDK you install is from a trusted source (the README points to https://github.com/zai-org/Open-AutoGLM; confirm repository authenticity and review its code).
- Run the SDK and test commands manually (adb devices, curl the endpoint) before letting the agent invoke the skill autonomously.
- Be careful granting overlay/accessibility permissions on devices; those permissions allow broad UI control and can be abused.
If the publisher cannot or will not update the metadata to list required binaries and the PHONE_AGENT_ENDPOINT env var, treat the omission as a red flag and prefer manual, sandboxed testing only.

Review Dimensions

Purpose & Capability
concern
The SKILL.md describes legitimate mobile automation capabilities (tap, swipe, screenshots) consistent with the stated purpose. However, the registry metadata declares no required binaries or env vars while the instructions explicitly require adb in PATH, the AutoGLM Phone Agent SDK, and an endpoint exposure (PHONE_AGENT_ENDPOINT). The mismatch between declared requirements and actual runtime needs is a material incoherence.
Instruction Scope
ok
The instructions stay inside the stated domain: they direct the agent to interact with an AutoGLM Phone Agent backend and an Android device via adb and the SDK. They do not instruct the agent to read unrelated host files or secrets. They do, however, require the agent to be able to reach a local HTTP service and to perform real UI actions on a connected device, which is expected for this skill but carries device-level risk.
Install Mechanism
ok
This is an instruction-only skill with no install spec or code files, which reduces filesystem/install risk. The SKILL.md references installing an external SDK and running its agent, but the skill itself does not pull or install code — the user/administrator must install the SDK separately.
Credentials
concern
The runtime instructions require environment configuration (PHONE_AGENT_ENDPOINT) and adb availability, but these are not declared in the skill metadata (requires.env and required binaries are empty). While the skill does not request cloud credentials or secrets, it does ask the operator to grant overlay/accessibility permissions on devices — appropriate for automation but sensitive. The missing declarations reduce transparency about what the skill will need access to.
Persistence & Privilege
ok
The skill does not request always:true and does not modify other skills or global agent settings. Model invocation is allowed (default), which is normal for skills that perform actions; combined with the ability to control a device this increases blast radius but is expected for an automation skill.