android build tool

Security checks across malware telemetry and agentic risk

Overview

This skill is related to Android setup, but it downloads and runs an unverified external executable and forwards arguments through an unsafe shell command.

Review before installing. Only use this in a disposable or well-contained development environment, verify the GitHub release binary independently, and avoid passing untrusted project paths or arguments until the wrapper uses safe subprocess execution and pinned integrity checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
    # Execute pi command
    try:
        result = os.system(' '.join(args))
        sys.exit(result)
    except Exception as e:
        print(f"Error executing pi: {e}")
Confidence
99% confidence
Finding
result = os.system(' '.join(args))

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill claims to manage Android SDKs, but instead downloads and executes an unrelated binary named 'pi' from a GitHub release. This mismatch between declared purpose and actual behavior is highly suspicious because it can conceal arbitrary code execution under a benign-looking tool description.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The script forwards user-supplied command-line arguments into a downloaded external binary and executes it, despite that capability not being justified by the Android SDK management context. This gives the downloaded program broad control over user input and execution flow, effectively turning the skill into a launcher for untrusted code.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation description is broad enough to trigger on many mobile-project or environment-management requests, increasing the chance the skill is invoked in contexts where users did not intend software download, environment mutation, or command execution. In combination with network and shell capability, overbroad triggering materially raises the attack surface and likelihood of unsafe activation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The usage section instructs users to run commands that may download software, change environment variables, and build code, but it provides no warnings about the associated trust, security, or system-modification risks. In this context, omission of warnings is dangerous because the skill operates on developer machines and project directories, where builds and environment changes can execute untrusted project logic or persist unsafe configuration.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script silently downloads an executable to disk with only a generic status message and no meaningful disclosure, consent, or authenticity check. Users may unknowingly place and trust a new executable in the skill directory, creating supply-chain and social-engineering risk if the release is replaced or the repository is compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code executes the downloaded binary without a clear warning that external code will run on the host system. In this skill context, that is more dangerous because the manifest suggests benign Android SDK setup, so users are less likely to expect arbitrary program execution and may grant trust they otherwise would not.

VirusTotal

64/64 vendors flagged this skill as clean.
