ClawHub

Clawmobile Skill

Security checks across malware telemetry and agentic risk

Overview

This Android automation skill is purpose-built, but it needs Review because it can control and record a phone through an API with weak default scoping and limited privacy guidance.

Install only if you are comfortable giving this skill controlled access to an Android device and its visible app contents. Keep the API bound to localhost or a protected network, replace the default token, avoid recording screens with secrets or personal data, and require explicit confirmation before recording, deletion, batch execution, text entry, AI recovery, or remote access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The client deliberately enables anti-detection options such as random_offset and random_delay in generated click tasks. In an Android automation/RPA tool, this can be used to evade app bot-detection or simulate human behavior, which materially increases dual-use risk and goes beyond a neutral transport/client role.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The input-task helper also embeds anti-detection behavior by default, causing text-entry automation to appear less machine-like. Because this skill is designed for mobile interaction and unattended workflows, bundling evasive behavior into default task templates makes abuse against third-party apps more practical.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger phrases like generic workflow and automation terms can cause accidental invocation of a high-privilege skill. In the context of a tool that can control Android devices, execute workflows, and record interactions, unintended activation raises real safety and privacy risks.

Vague Triggers

Medium
Confidence
88% confidence
Finding
AI-related triggers are especially risky because terms like '智能决策' or '自动处理异常' are vague and could activate autonomous behavior without clear operator intent. Given this skill's described ability to interact with device UI and recover from unknown states, ambiguity increases the chance of unsupervised or unexpected device actions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill describes screen recording, screenshot capture, UI tree capture, and HTTP-based device control without prominent privacy, consent, retention, or sensitivity warnings. These features can expose credentials, messages, personal content, and app structure data from a user's device, making the omission materially risky.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The schema explicitly permits a `default_token`, which encourages embedding credentials in configuration and increases the chance of hardcoded secrets being shipped, logged, or reused across environments. In a mobile automation/RPA skill that exposes HTTP API communication, misuse of a default token could enable unauthorized access to automation functions or backend services if operators leave the placeholder in place.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# ClawMobile Skill Python Dependencies

# HTTP Requests
requests>=2.31.0

# YAML Configuration
PyYAML>=6.0
Confidence
96% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0

# YAML Configuration
PyYAML>=6.0

# Optional: Testing dependencies
pytest>=7.0.0
Confidence
98% confidence
Finding
PyYAML>=6.0

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
PyYAML

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal