Back to skill
Skillv1.0.0
VirusTotal security
Phone agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 4:59 AM
- Hash
- ffa15482ea32a92244344f483d3956522d84551f675a67c35189f7b0147e92ce
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: phone-agent-skill Version: 1.0.0 The skill provides extensive control over an Android device (tap, type, swipe, launch apps, screenshots, read UI text) via a user-configured `PHONE_AGENT_ENDPOINT`. While the `SKILL.md` instructions themselves do not contain explicit malicious commands or prompt injection attempts, the inherent capability for automated mobile device control is high-risk. The reliance on a user-defined local endpoint (`PHONE_AGENT_ENDPOINT`) could become a vulnerability if misconfigured to point to a malicious external service or if the local service itself is compromised, allowing potential unauthorized actions or data exfiltration through the agent's capabilities.
- External report
- View on VirusTotal