ClawHub

Google Play Store

Security checks across malware telemetry and agentic risk

Overview

This Google Play publishing skill appears purpose-aligned; its main risks are normal release-automation handling of signing credentials and local preference memory, not hidden execution.

Before installing, treat any keystore or Google service-account material used in CI as highly sensitive: use protected secrets, ephemeral runners where possible, avoid uploading generated credential files as artifacts, and delete temporary files after builds. Also review or clear any locally saved release preferences if they include sensitive operational details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The CI example decodes sensitive keystore and service-account material into plaintext files on the runner filesystem without any warning or cleanup guidance. Although common in CI, this increases the chance of accidental exposure through artifact uploads, debugging steps, permissive workspace access, or reuse of self-hosted runners, especially because the skill is specifically about release automation with high-value signing credentials.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill uses very broad activation phrases tied to common topics like 'Play Store', 'Android releases', and 'app publishing', which can cause the skill to activate in conversations where the user did not explicitly request it. That creates a real risk of unintended invocation, especially because the skill also encourages collecting and persisting user preferences early in the interaction.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to save integration preferences and later additional workflow/app information to local files, but it does not clearly tell the user that their data will be stored persistently or obtain consent before doing so. This is dangerous because it can lead to silent retention of potentially sensitive operational details such as app package names, release workflow, policy history, and rejection notes.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal