Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
hubstudio
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate HubStudio reference/automation skill, but it exposes broad control over a logged-in HubStudio account and devices without strong built-in confirmations.
Install only if you want an agent to help control HubStudio resources through your logged-in desktop client. Avoid running `testAll` on a real account, require explicit confirmation before create/delete/shell/ADB/upload/app operations, and do not share command outputs that may contain device or ADB connection details.
Static analysis
Destructive delete command
Warn
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
Install untrusted source
Warn
- Finding
- Install source points to URL shortener or raw IP.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
If invoked by the agent or copied by a user, the skill can change or delete HubStudio resources or run commands on cloud phones.
Why it was flagged
The generated command set exposes high-impact HubStudio operations, including batch cloud-phone deletion and cloud-phone shell command execution, through the same generic CLI interface.
Skill content
"command": "postV1CloudMobileDelMobileBatch" ... "summary": "批量删除云手机" ... "command": "postV1CloudMobileExeCommand" ... "summary": "执行shell命令"
Recommendation
Use this only with explicit user approval for mutating commands; add an allowlist/read-only mode and confirmation gates for delete, shell, ADB, upload, app install/uninstall, and account/group changes.
What this means
Running the all-endpoint test against a real HubStudio account could trigger unintended changes or noisy operations across browsers, cloud phones, apps, groups, or accounts.
Why it was flagged
`testAll` iterates over every generated endpoint and sends POST requests automatically, so one smoke-test command can attempt many account/device operations.
Skill content
for (const cmd of COMMANDS) {
const result = await post(cmd.path, cmd.defaultBody || {}, cmd.defaultQuery || {});
}Recommendation
Do not run `testAll` on a production account unless the endpoints are explicitly allowlisted or mocked; make smoke tests read-only or require per-endpoint confirmation.
What this means
The agent may be able to act with the user's HubStudio privileges, affecting environments, cloud phones, accounts, and groups.
Why it was flagged
The local API calls operate in the context of the user's logged-in HubStudio client and cover broad workspace/account domains, while the registry metadata does not declare a primary credential.
Skill content
Install and open HubStudio client on your machine, then log in. ... Browser Environment ... Cloud Phone ... Environment Management ... Account Management ... Group Management
Recommendation
Install only if you intend to grant broad HubStudio account control; document the credential/session dependency in metadata and require explicit approval for account, billing-like, deletion, shell, and ADB operations.
What this means
Running the demo may execute local commands on the user's machine.
Why it was flagged
A provided demo script uses local shell command execution. This can be normal for an automation demo, but the full context should be reviewed before running it.
Skill content
const output = execSync(cmd, { encoding: "utf8" });Recommendation
Review the demo script and run it only from a trusted checkout; avoid passing untrusted input into any shell command.