ClawHub

Mobilerun

Security checks across malware telemetry and agentic risk

Overview

Mobilerun is a disclosed Android phone-control skill with powerful access that is central to its purpose, but users should treat it as live control of a real device.

Install only if you intend to let an agent view and operate a connected Android device. Avoid broad requests around messages, public posts, purchases, banking, crypto, or account settings; give precise instructions, require confirmation before irreversible actions, and disconnect the Portal app or revoke Accessibility permission when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill is configured to auto-load for extremely broad phone-related requests, which can cause it to activate in many ordinary conversations and expose powerful device-control capabilities unnecessarily. In context, this skill can read screens, type, launch apps, and submit autonomous tasks on a live device, so over-broad triggering materially increases the chance of unintended sensitive actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to use a pre-provisioned API key without informing the user at the point of use that stored credentials will be used to access an external service. Because the key enables control of connected devices and access to screenshots/UI state, silent credential use undermines informed consent and can surprise users with live actions against their devices.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The introductory guidance encourages immediate execution on a ready device and screen inspection without an up-front warning that the agent may view or act on a live phone containing sensitive personal information. In this context, screenshots, UI trees, messages, and app contents may contain highly sensitive data, so skipping a clear warning increases privacy and consent risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions direct users to enable an Android accessibility service that can read screen contents and perform device actions, but they do not give a clear, explicit warning about the sensitivity and security implications of granting this permission. In a phone-control skill, this omission is especially risky because accessibility access effectively grants broad surveillance and control capability over the device, increasing the chance that users will consent without understanding the exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples explicitly normalize reading WhatsApp messages and sending Telegram messages without any visible mention of user consent, confirmation, or privacy safeguards. In a phone-control skill, this is dangerous because it encourages high-risk actions involving private communications that could be misused for surveillance, impersonation, or unauthorized disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
These examples include accessing calendar data, notes, and especially banking information, all of which are sensitive personal or financial data, without warning about privacy, authorization, or risk. Because this skill is specifically designed for direct mobile-device control, such examples materially increase the chance of unsafe use against highly sensitive apps and data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal