Android Armor Breaker

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Android reverse-engineering skill, but it needs review because it can control rooted devices, bypass app protections, read app memory, and has unsafe package-name handling in ADB shell commands.

Install only for authorized Android security research on a disposable emulator or dedicated test device. Treat package names and APK paths as trusted input, review or patch package-name validation before use, expect local extraction of app code or memory, and avoid personal or production devices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (47)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # 检查应用特征 try: # 检查应用是否快速崩溃（强反调试特征） result = subprocess.run( ["adb", "shell", f"timeout 2 am start -n {package_name}/.MainActivity"], capture_output=True, text=True,
Confidence: 96% confidence
Finding: result = subprocess.run( ["adb", "shell", f"timeout 2 am start -n {package_name}/.MainActivity"], capture_output=True, text=True,

subprocess module call

Medium

Category: Dangerous Code Execution
Content: ) # 检查是否有特定文件或特征 result2 = subprocess.run( ["adb", "shell", f"pm path {package_name}"], capture_output=True, text=True,
Confidence: 95% confidence
Finding: result2 = subprocess.run( ["adb", "shell", f"pm path {package_name}"], capture_output=True, text=True, timeout=5

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 1. 检查应用是否仍在运行 result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 95% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # 2. 检查应用稳定性（5秒后是否仍在运行） time.sleep(5) result2 = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 95% confidence
Finding: result2 = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, tim

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 先停止应用 subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5
Confidence: 86% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: time.sleep(1) # 启动应用 result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True,
Confidence: 90% confidence
Finding: result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True

subprocess module call

Medium

Category: Dangerous Code Execution
Content: def get_package_pid(self, package_name: str) -> Optional[int]: """获取应用进程PID""" try: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 87% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: self.log("getting_package_pid", package=package_name) try: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 95% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # pidof失败，尝试使用ps命令 self.log("pidof_failed_trying_ps", "WARNING") ps_result = subprocess.run( ["adb", "shell", f"ps -A | grep {package_name}"], capture_output=True, text=True,
Confidence: 99% confidence
Finding: ps_result = subprocess.run( ["adb", "shell", f"ps -A | grep {package_name}"], capture_output=True, text=True, timeout=5

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 先停止应用（确保干净启动） subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5
Confidence: 95% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: time.sleep(1) # 启动应用 result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True,
Confidence: 96% confidence
Finding: result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True

subprocess module call

Medium

Category: Dangerous Code Execution
Content: bypass = AntiDebugBypass(verbose=self.verbose, language=self.language) # 首先停止应用以确保干净状态 subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5
Confidence: 95% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: self.log("starting_frida_injection", "INFO") # 尝试获取PID（如果应用已在运行） pid_result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 95% confidence
Finding: pid_result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=5

subprocess module call

Medium

Category: Dangerous Code Execution
Content: self.log("getting_package_pid", package=package_name) try: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 98% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 先停止应用 subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5
Confidence: 98% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=5 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # 启动应用并监控 start_time = time.time() result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True,
Confidence: 98% confidence
Finding: result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 策略1:使用pidof获取PID(最快) result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 98% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=10 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # 策略2:pidof失败,使用ps -A | grep(兼容多进程/进程名隐藏) self.log("pidof_failed_trying_ps", "WARN") ps_result = subprocess.run( ["adb", "shell", f"ps -A | grep {package_name}"], capture_output=True, text=True,
Confidence: 99% confidence
Finding: ps_result = subprocess.run( ["adb", "shell", f"ps -A | grep {package_name}"], capture_output=True, text=True, timeout=10

subprocess module call

Medium

Category: Dangerous Code Execution
Content: continue # 策略3:使用ps -A | grep -v grep(更精确) ps_result2 = subprocess.run( ["adb", "shell", f"ps -A | grep -v grep | grep {package_name}"], capture_output=True, text=True,
Confidence: 99% confidence
Finding: ps_result2 = subprocess.run( ["adb", "shell", f"ps -A | grep -v grep | grep {package_name}"], capture_output=True, text=True,

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 先停止应用(确保干净启动) subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=10
Confidence: 98% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=10 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: time.sleep(2) # 启动应用 result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True,
Confidence: 98% confidence
Finding: result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 使用pidof获取PID result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True,
Confidence: 96% confidence
Finding: result = subprocess.run( ["adb", "shell", f"pidof {package_name}"], capture_output=True, text=True, timeout=10 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: try: # 先停止应用（确保干净启动） subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=10
Confidence: 96% confidence
Finding: subprocess.run( ["adb", "shell", f"am force-stop {package_name}"], capture_output=True, timeout=10 )

subprocess module call

Medium

Category: Dangerous Code Execution
Content: time.sleep(2) # 启动应用 result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True,
Confidence: 96% confidence
Finding: result = subprocess.run( ["adb", "shell", f"monkey -p {package_name} -c android.intent.category.LAUNCHER 1"], capture_output=True, text=True

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill advertises and documents powerful capabilities including shell execution, file read/write, environment inspection, ADB control, Frida injection, and root-based memory extraction, but does not declare explicit permissions. This creates a dangerous mismatch between what a reviewer or platform might expect and what the skill is capable of doing, reducing transparency and increasing the risk of misuse or unsafe execution in privileged environments.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal