Back to skill

Security audit

Scrcpy Claw

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Android automation skill, but it can broadly control a connected phone and lacks clear safeguards for sensitive or destructive actions.

Install only if you intentionally want an agent to control a connected Android device. Prefer a test device or test accounts, keep sensitive apps closed, and require manual review before messaging, form entry, clipboard paste, APK install, app uninstall, app data clearing, wireless ADB, screen recording, or script playback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises broad Android control capabilities including touch input, app management, screenshots, clipboard access, notifications, and AI-driven automation, but provides no safety notice about operating on real user devices, sensitive data exposure, or destructive actions. In a device-control skill, that omission materially increases the chance of unsafe use, especially because users may run automation against personal phones containing messages, credentials, and private content.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README provides automation examples for launching apps, entering text, and later includes message-sending workflows, but does not warn that these actions can transmit data, trigger purchases, modify accounts, or perform irreversible operations if coordinates or UI detection are wrong. Because this skill is explicitly designed for remote control and automation, example code can be copied directly into real-world use without users appreciating the operational and privacy risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The AI automation and script playback features are documented as broadly executing natural-language tasks and replaying recorded actions, but there is no warning that these operations can change device settings, send input, delete data, or trigger irreversible actions. In this context, omission of safety constraints increases the chance of unsafe or unintended execution by users or higher-level agents.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The remote-control and messaging examples show the skill interacting with user apps and composing content, but they omit warnings about privacy, consent, and the risk of acting on sensitive personal data visible on the device. Because the skill can control arbitrary apps, this context makes the omission more dangerous than a generic automation example.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
`clear_app_data` performs a destructive operation that wipes an app's local state with no confirmation, policy check, or safety interlock. In an automation/control skill, this is dangerous because a mistaken instruction, prompt injection in an upstream agent flow, or misuse by another tool can silently cause data loss on the connected device.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
`uninstall` removes an app from the device without any confirmation or safeguard. In the context of a remote Android-control skill, that creates a real risk of accidental or induced destructive actions, including removal of business-critical or security-relevant applications.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This code can start a scrcpy server, push binaries to a device, and establish a control channel without any built-in confirmation, authorization gate, or safety warning. In an agent skill context, that increases the risk of unintended or coerced remote control of a connected Android device, including input injection, app launching, clipboard manipulation, and device state changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad phrases such as "control android", "phone control", "adb command", and "scrcpy", which can cause the skill to be invoked for loosely related requests. In a high-risk device-control skill, unintended invocation is dangerous because it can lead to execution of ADB-backed actions on a connected Android device when the user did not clearly intend to grant device control.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.