Mobilerun

Security checks across malware telemetry and agentic risk

Overview

Mobilerun appears to be a real Android phone-control skill, but it needs Review because it asks users to grant very powerful device access while some of its consent and safety guidance is under-scoped.

Install only if you intentionally want Mobilerun/Droidrun to observe and control an Android device. Prefer a dedicated or low-risk phone, verify the APK source before sideloading, disable unknown-sources and Accessibility access when not needed, keep the API key revocable, and require explicit confirmation before sensitive app actions, purchases, account changes, app installs/uninstalls, or feedback submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill metadata emphasizes direct phone control, but this API file exposes materially broader capabilities: autonomous task execution, cloud device provisioning, webhooks, and feedback submission. This scope expansion increases risk because an agent or user may invoke higher-impact remote actions than expected, including unattended automation and outbound integrations, without those capabilities being clearly bounded in the manifest.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The instruction to automatically submit feedback for every task is unrelated to the core phone-control function and creates an unnecessary data flow to the vendor. Because task-linked feedback can encode details about what the user asked the agent to do, it risks disclosing sensitive usage metadata without a clear need or explicit approval.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation description is very broad and can cause the skill to be selected for many ordinary phone-related requests, including ones involving sensitive apps or private data. In this context, overbroad routing is risky because the skill enables remote control of a real Android device and access to screenshots and UI trees, expanding the chance of unintended activation on sensitive workflows.

Vague Triggers

Medium
Confidence: 86%
Finding
The phrase 'or anything else you'd normally do by hand' creates an unbounded catch-all that makes activation criteria ambiguous. Because this skill can remotely observe and manipulate a real phone, ambiguous scope increases the risk of the agent applying powerful device-control actions to requests that did not clearly ask for that level of access.

Missing User Warnings

Medium
Confidence: 97%
Finding
Automatically transmitting feedback with a taskId lacks a user-facing warning that task-related data is being sent to an external service. This is dangerous because users may reasonably expect phone automation actions to stay within the control plane, not be repurposed for telemetry or product-improvement submissions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented screenshot and UI-state endpoints can expose highly sensitive on-screen content, including messages, account details, one-time codes, notifications, and accessibility text, yet the documentation provides no privacy warning, consent requirement, or guidance on limiting collection. In the context of a remote phone-control skill, this materially increases the risk of covert surveillance and over-collection of personal data from a user's device.

Missing User Warnings

Medium
Confidence: 89%
Finding
The uninstall endpoint performs a destructive action that may remove applications and potentially user data or app state, but the documentation presents it without any warning, confirmation guidance, or restriction language. In a phone-control skill, destructive device-management operations are especially risky because an agent could remove security, banking, messaging, or productivity apps from a personal device without sufficient user awareness.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly directs users to download and install an APK from a GitHub release outside the Play Store and normalizes Android's malware/unknown-source warnings with 'This is normal' and 'Install anyway.' Even if the app is legitimate, this reduces user caution around sideloading and does not clearly explain the risks of installing unsigned or tampered binaries from outside a trusted app store.

Missing User Warnings

High
Confidence: 97%
Finding
The instructions tell users to enable an Accessibility Service and tap 'Allow' without clearly warning that this permission can read screen contents, observe interactions, and perform actions on the device. In the context of a remote-control phone automation skill, this permission is especially sensitive because compromise or misuse could expose credentials, messages, financial data, or allow unauthorized actions.

Ssd 3

Medium
Confidence: 95%
Finding
Task-linked feedback can expose task details, outcomes, or identifiers that may reveal sensitive user intent, app usage, or operational context. In a skill that can control real devices and run AI tasks, even metadata about executed tasks can be privacy-sensitive, making silent disclosure materially risky.

VirusTotal

63/63 vendors flagged this skill as clean.