ClawHub

mobile-master

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Android reverse-engineering skill, but its powerful device-control scripts have unsafe argument handling and weak safeguards.

Install only for authorized Android security testing on a dedicated test device. Before using it, patch the shell helpers to invoke Frida with quoted arguments or arrays, validate package and script names, avoid broad app-name matching, run from a disposable working directory, and stop frida-server plus remove ADB port forwarding when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation scope is extremely broad, covering reverse engineering, Frida bypass, unpacking, signing, manifest extraction, and installation restriction bypass without clear trigger conditions or safety boundaries. Such ambiguity can cause the skill to be invoked in contexts involving unauthorized app tampering or intrusive device actions, making misuse easier and oversight harder.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The script can launch an app on a connected device and immediately dump its DEX files without any explicit warning, consent prompt, or target validation beyond a grep match. In a reverse-engineering skill this behavior is contextually expected, but it still creates meaningful risk of extracting proprietary code or operating on the wrong app/device, especially in shared or production-connected environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script copies AndroidManifest.xml into the current working directory using a fixed filename and no existence check, so an existing file can be silently overwritten. In a reverse-engineering workflow this can cause accidental data loss or confusion about which manifest is being analyzed, especially if run from a project directory containing a real AndroidManifest.xml.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script builds a shell command string using unquoted user input (`package` and `script`) and then executes it via `$cmd`, which causes the shell to re-parse the contents. An attacker supplying crafted arguments containing shell metacharacters could achieve command injection and run arbitrary commands on the host. In a mobile reverse-engineering skill, users are expected to pass external package/script names, which increases exposure rather than reducing it.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal