ClawHub

手机操控 Agent (蓝蓝版)

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a USB-connected Android phone, but its broad device-changing powers need careful review before use.

Install only if you intentionally want OpenClaw to control a USB-connected Android phone through ADB. Prefer a test or secondary device, keep sensitive apps closed, manually confirm any message, purchase, payment, deletion, public post, or account change, and turn off USB debugging after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description is very broad (`操控手机`, `执行 App 操作`, `打开应用`, `发送消息`) and overlaps with common user requests, making accidental invocation plausible. In this skill's context, accidental activation is more dangerous because the skill can perform real-world actions on a connected personal device, including sending messages and manipulating apps.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documentation advertises high-impact capabilities such as sending messages, tapping arbitrary UI coordinates, and force-stopping apps, but provides no explicit warning, approval flow, or misuse boundaries. Because the target is a connected smartphone containing personal apps and communications, omission of user-risk prompts materially raises the chance of unintended privacy, integrity, and availability harm.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function exports a full UI hierarchy from the connected phone to a local XML file in a temporary path without any notice, consent check, retention limit, or cleanup. UI dumps can contain sensitive text, app structure, resource IDs, and metadata from messaging, banking, or authentication screens, so silent collection materially increases privacy and data-exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal