Mobilerun

Security checks across malware telemetry and agentic risk

Overview

Mobilerun clearly does what it says, but it gives an agent broad control over a real Android phone with some sensitive actions not guarded strongly enough.

Install only if you trust Mobilerun/Droidrun and are comfortable letting an agent view and operate the connected Android device. Prefer a test phone or cloud device for risky workflows, avoid banking, password manager, health, messaging, payment, and account settings screens unless necessary, and require explicit confirmation before app installs or uninstalls, purchases, messages, account changes, webhook setup, or feedback submission. Revoke the API key, disable Accessibility, or log out of Portal when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Vague Triggers

Medium
Confidence: 85%
Finding
The invocation description is broad enough to match many generic phone-automation or mobile-help requests, which can cause the skill to activate in contexts where the user did not clearly intend remote device control. Because this skill can operate a real personal phone and access screenshots/UI state, over-broad routing increases the chance of unintended sensitive actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill promotes controlling a real personal phone but does not require an explicit warning or confirmation before performing actions on the device. That is dangerous because screenshots, UI trees, taps, and typing can expose or alter sensitive personal data, trigger transactions, or interact with private apps without sufficiently clear user awareness.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instruction to 'automatically submit feedback with the taskId' encourages sending task-linked metadata to the vendor without explicit user awareness or consent. Because tasks may involve sensitive app activity, credentials context, screenshots, or user workflows, automatic feedback submission can leak behavioral or potentially identifying information to an external service.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documented screenshot and UI-state endpoints can expose highly sensitive on-device data, including visible screen contents, app context, focused fields, and accessibility text that may contain messages, credentials, financial data, or other private information. In a remote phone-control skill, this is inherently dangerous because an agent can silently collect and transmit intimate device state unless the documentation and product controls clearly warn about privacy risks and require explicit user consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
Text entry, keypress, and clear-input operations can modify device state and overwrite or erase user-entered content, including messages, search queries, form values, or settings. Without explicit warnings and guardrails, an agent could accidentally or abusively submit data, destroy drafts, or alter account information on a personal device.

Missing User Warnings

High
Confidence: 97%
Finding
The uninstall endpoint is a destructive capability that removes applications from the user's device and may cause loss of local app data, sessions, or access to critical tools. In the context of remote control of a personal Android device, documenting this without a prominent warning understates the risk and increases the chance of harmful or unauthorized device modification.

VirusTotal

66/66 vendors flagged this skill as clean.
