ClawHub

Hospital Android Adb

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Android automation skill for booking 医联 appointments; it is purpose-aligned but needs careful user confirmation because it can submit a real medical appointment and force-stop another app.

Install only if you intend to let the agent control an Android device via ADB/uiautomator2 for 医联 appointment booking. Before use, confirm the target hospital, department, patient, date/time, and SMS code manually, and require explicit approval before the final '确定预约' tap. Be aware it may force-stop the 12306 app during setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest description explicitly says 'Uses uiautomator2 only — no Appium needed,' which communicates a constrained implementation approach. However, the file instructs use of subprocess-driven ADB commands to force-stop another app and launch the target app, so the documented behavior is broader than the manifest claims.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is an active contradiction, not mere incompleteness: the document is highly tailored to the 医联 app, including package identifiers, activity names, UI text, fixed coordinates, and booking flow steps. Saying no app-specific scripts are needed conflicts with the clearly app-specific automation instructions provided throughout the file.

Missing User Warnings

Low
Confidence
93% confidence
Finding
This markdown instructs the operator to force-stop the 12306 app via ADB, which can interrupt another running app and potentially discard in-progress user activity. Although it notes a technical conflict, it does not clearly warn the user about the operational impact of forcibly terminating another app before doing so.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes tapping the final "确定预约" button to complete a medical appointment booking, which is a real-world action affecting user data and scheduling. While it mentions SMS verification and checking details, it does not explicitly warn that this step finalizes the booking and should only be done with the user's confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal