Back to skill

Security audit

Longarm Control

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent broad remote control over an Android device with screenshots, app launches, batch automation, and deletion commands that need careful review before use.

Install only if you trust the Longarm app and endpoint, control the Android device, and are comfortable letting an agent remotely operate it. Use it on a trusted network, protect LONGARM_TOKEN, avoid capturing screens with passwords or private messages, review batch tasks before running them, and be especially careful with delete and bulk history-clear commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages screenshot capture and export of batch-history screenshots from a user's Android device without warning that screenshots may contain credentials, messages, financial data, or other sensitive on-screen content. In a remote-control skill, this context makes the omission more dangerous because the feature is central to the workflow and can enable silent collection or retention of private device data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents remote app launching, URL opening, and multi-step automation on an Android device without warning that these actions can change device state, trigger purchases, send messages, alter settings, or navigate to phishing content. Because this skill is specifically for remote device control, the lack of guardrails materially increases the risk of harmful or unintended actions being performed through normal use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The MCP reference documents destructive operations such as `batch_delete` and `batch_history_delete` without any warning, confirmation guidance, or indication that these actions can permanently remove saved tasks and screenshots. In a remote-control skill, omission of safety caveats materially increases the chance that an agent or user will invoke irreversible actions unintentionally, leading to data loss and reduced auditability.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends device-control requests, screenshots, batch data, and an optional bearer token to a user-supplied LONGARM_URL without enforcing HTTPS, validating the destination, or warning about insecure transport. In this skill’s context, that is meaningful because the tool controls a real Android device and can exfiltrate sensitive screenshots or leak the authorization token to a hostile or intercepted endpoint.

External Transmission

Medium
Category
Data Exfiltration
Content
AUTH=(-H "Authorization: Bearer ${LONGARM_TOKEN}")
fi

get() { curl -fsS "${AUTH[@]}" -H "Accept: application/json" "${BASE}$1"; }
download() { curl -fsS "${AUTH[@]}" "${BASE}$1" -o "$2"; }
delete() { curl -fsS "${AUTH[@]}" -X DELETE -H "Accept: application/json" "${BASE}$1"; }
post() { curl -fsS "${AUTH[@]}" -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d "$2" "${BASE}$1"; }
Confidence
90% confidence
Finding
curl -fsS "${AUTH[@]}" -H "Accept: application/json" "${BASE}$1"; } download() { curl -fsS "${AUTH[@]}" "${BASE}$1" -o "$2"; } delete() { curl -fsS "${AUTH[@]}" -X DELETE -H "Accept: application/json"

Tool Parameter Abuse

High
Category
Tool Misuse
Content
batch-history) get /api/batch/history; echo ;;
  batch-history-get) [[ $# -ge 1 ]] || die "batch-history-get needs: RUN_ID"; get "/api/batch/history/$1"; echo ;;
  batch-history-delete) [[ $# -ge 1 ]] || die "batch-history-delete needs: RUN_ID"; delete "/api/batch/history/$1"; echo ;;
  batch-history-clear) delete /api/batch/history; echo ;;
  batch-shot) [[ $# -ge 2 ]] || die "batch-shot needs: RUN_ID SHOT_ID [OUT.png]"; out="${3:-longarm-batch-shot.png}"; download "/api/batch/history/$1/screenshots/$2" "$out"; echo "saved $out" ;;
  batch-export) [[ $# -ge 1 ]] || die "batch-export needs: RUN_ID [OUT.zip]"; out="${2:-longarm-batch-screenshots.zip}"; download "/api/batch/history/$1/export" "$out"; echo "saved $out" ;;
  *) die "unknown command '$cmd' (run: longarm.sh help)" ;;
Confidence
76% confidence
Finding
delete /api/batch/history;

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.