Apktool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent APK reverse-engineering helper, but its install and APK-modification examples should be used deliberately.

Install this only if you need APK reverse-engineering assistance. Prefer apt, Homebrew, or another trusted package manager; if using the manual scripts, review every sudo/PATH-changing command and verify downloaded releases where possible. Use APK rebuilding, signing, and integrity-check troubleshooting only on apps you own or are authorized to assess.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The guide explicitly suggests 'Bypass signature verification (advanced)' by modifying smali code, which provides operational advice for defeating an application's integrity protections. In the context of an APK reverse-engineering tool, this materially lowers the barrier to tampering with protected apps and goes beyond neutral troubleshooting into evasion guidance.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The install guide instructs users to create system directories under /opt, modify /usr/local/bin, and run an installation script with sudo, but it does not clearly warn that these commands make persistent system-wide changes and elevate privileges. This increases the chance that users will run network-downloaded artifacts as root without understanding the trust and rollback implications.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
fi

# Create the directory
sudo mkdir -p ${INSTALL_DIR}
cd ${INSTALL_DIR}

# Download the files
Confidence
73% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Download the files
echo "📥 下载 Apktool..."
sudo wget -q --show-progress -O apktool.jar \
    https://github.com/iBotPeaches/Apktool/releases/download/v${APKTOOL_VERSION}/apktool_${APKTOOL_VERSION}.jar
sudo wget -q --show-progress -O apktool \
    https://github.com/iBotPeaches/Apktool/releases/download/v${APKTOOL_VERSION}/apktool_${APKTOOL_VERSION}
Confidence
91% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
echo "📥 下载 Apktool..."
sudo wget -q --show-progress -O apktool.jar \
    https://github.com/iBotPeaches/Apktool/releases/download/v${APKTOOL_VERSION}/apktool_${APKTOOL_VERSION}.jar
sudo wget -q --show-progress -O apktool \
    https://github.com/iBotPeaches/Apktool/releases/download/v${APKTOOL_VERSION}/apktool_${APKTOOL_VERSION}

# Set permissions
Confidence
91% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
https://github.com/iBotPeaches/Apktool/releases/download/v${APKTOOL_VERSION}/apktool_${APKTOOL_VERSION}

# Set permissions
sudo chmod +x apktool

# Create the symlink
sudo ln -sf ${INSTALL_DIR}/apktool /usr/local/bin/apktool
Confidence
80% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo chmod +x apktool

# Create the symlink
sudo ln -sf ${INSTALL_DIR}/apktool /usr/local/bin/apktool

echo "✅ Apktool 安装完成!"
apktool --version
Confidence
86% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.
