Android Cli

Security checks across malware telemetry and agentic risk

Overview

This Android CLI helper is instruction-only and its device, SDK, and tooling actions fit its stated Android development purpose.

Install this only if you want an agent to operate Android CLI and ADB workflows. Prefer emulators or test devices, review journey XML before execution, avoid screenshots on sensitive screens, and confirm exact SDK package, emulator, skill, or update source before allowing removal or update commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: This markdown file documents `android sdk remove <pkg-name>` as a normal operation but does not warn that it removes packages from the local SDK and may affect builds or development environments. Under the markdown-specific SQP-2 criteria, destructive or system-affecting behavior should include some user-facing warning about impact.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The skill tells users to update the Android CLI with `android update` but does not disclose that this changes the installed CLI version and could affect workflow stability or compatibility. For markdown guidance, operations that alter the system toolchain should include a warning about the modification and its impact.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal