Droidrun Agent

Security checks across malware telemetry and agentic risk

Overview

This skill clearly documents Android device-control features, but it should only be used with trusted devices, tokens, and explicit approval for sensitive actions.

Install or use this only if you intend to let an agent control an Android device through DroidRun Portal. Keep PORTAL_TOKEN private, use a trusted network, avoid exposing the Portal service publicly, and require explicit confirmation before APK installs, text entry, port changes, or actions that could reveal private screen contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill exposes high-risk capabilities including screenshot capture, UI state retrieval, text input, app launching/stopping, and APK installation, but the documentation does not warn that these actions may access sensitive user data or materially alter the device state. In an agent context, lack of explicit consent/confirmation guidance increases the chance that an LLM or integrator will invoke these operations on real devices without appropriate user awareness or guardrails.

Missing User Warnings

Medium
Confidence: 92%
Finding
The MCP tool list makes sensitive device-control and data-access functions directly available to agent frameworks without documenting confirmation requirements, privacy expectations, or restrictions on high-impact actions like screenshots, app control, and APK installation. Because MCP tools are designed for autonomous agent use, omission of these warnings makes the skill more dangerous by encouraging direct exposure of powerful operations to automation layers.

VirusTotal

65/65 vendors flagged this skill as clean.