Mobile Appium Test

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Android Appium testing guide, but it normalizes Appium relaxed-security mode without enough warning or scoping.

Install only if you are comfortable with an agent helping control a test Android device. Prefer starting Appium bound to localhost without relaxed security, use relaxed security only temporarily in an isolated test environment when a specific test requires it, avoid Wi-Fi debugging on untrusted networks, and avoid collecting screenshots or logs from personal or sensitive apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents `appium --relaxed-security` as a normal startup option without warning that it disables important Appium security restrictions and can expose powerful server-side features. In a skill intended to guide users through real-device automation, presenting this as routine usage increases the chance operators run a more permissive Appium server than necessary.

Missing User Warnings

Medium
Confidence: 97%
Finding
The typical workflow instructs users to start Appium with `--relaxed-security` as the standard procedure, which normalizes insecure deployment. Because workflows are likely to be copied verbatim, this materially increases exposure to abuse of insecure Appium capabilities, especially if the server is later rebound, proxied, or used in shared environments.

VirusTotal

64/64 vendors flagged this skill as clean.
