Mobilerun

Security checks across malware telemetry and agentic risk

Overview

This phone-automation skill is coherent, but it needs review because it gives an agent and Mobilerun broad ability to observe and control a real Android phone while privacy and destructive-action risks are under-disclosed.

Install only if you are comfortable letting an agent and Mobilerun observe and control a real Android device. Use a non-sensitive device or screen when possible, supervise sessions, disconnect Portal when done, protect and revoke the API key when needed, verify the APK source before granting Accessibility, and require explicit approval before posting, purchasing, changing accounts, typing sensitive text, or installing/uninstalling apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill states that 'No data leaves your control,' but its documented behavior sends screenshots, accessibility/UI trees, keystrokes, and app-control requests to a third-party API endpoint. This is a misleading data-handling claim that can cause users to underestimate privacy and security exposure when granting a remote service access to a real phone.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The setup text materially understates the scope of Android accessibility access by claiming it does not grant access to other apps' data, while the same document says it can read on-screen element names and positions across apps. This can mislead users into granting a highly sensitive permission without informed consent, increasing privacy and safety risk.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description is broad enough to match many ordinary requests involving Android apps, social media, testing, or manual phone tasks, which increases the chance the skill is invoked in contexts the user did not specifically intend. Because this skill enables powerful device control, overbroad activation materially raises the risk of unnecessary access to sensitive phone state and actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill describes capabilities such as screenshots, UI tree reading, typing, app management, and navigation on a real phone without prominent warnings about privacy-sensitive data or potentially destructive actions. In this context, the absence of cautions is dangerous because the controlled device may expose messages, credentials, personal media, or financial and social-media apps.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The task API allows submitting natural-language goals that can autonomously operate a real device, optionally with installed apps, credentials, files, and even auto-provisioned devices, but the documentation does not prominently warn users about the scope and consequences of those actions. In a skill that gives an agent hands-on phone control, this omission increases the risk of unsafe or unintended actions, especially when users may supply sensitive credentials or assume the task is passive.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented screenshot and UI-state endpoints enable collection of highly sensitive on-screen data and accessibility metadata from a personal Android device, including visible content, focused fields, app context, and potentially secrets shown in apps. In a skill intended for agent automation, exposing these capabilities without strong consent, privacy warnings, and usage restrictions materially increases the risk of surveillance, credential capture, and over-collection.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API includes powerful device-control actions such as typing text, launching and stopping apps, clearing input, and uninstalling apps on a personal device, but the documentation does not pair these capabilities with strong safety warnings or confirmation requirements. In an agent skill, that omission can facilitate destructive or privacy-impacting actions, including sending messages, modifying account settings, deleting user input, or removing apps without meaningful user awareness.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Telling the agent to verify an API key by calling GET /devices omits that this action sends the user's credential to a third-party service and retrieves device/account metadata. Even if necessary for functionality, the lack of disclosure reduces informed consent and may surprise users who think validation is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The checklist instructs fetching a device screenshot to test responsiveness without warning that screenshots can capture passwords, messages, financial details, or other sensitive on-screen content. In a phone-control skill, this is especially risky because the device may be a personal phone containing private data from many apps.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Before You Start

Do NOT ask the user for an API key or to set up a device before checking. Always probe first:

1. **Resolve the API key:**
   - The key is provided via the `MOBILERUN_API_KEY` environment variable (set by OpenClaw during skill loading)
Confidence
84% confidence
Finding
Do NOT ask the user

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Uninstall App

```
DELETE /devices/{deviceId}/apps/{packageName}
Content-Type: application/json

{}
```
Confidence
90% confidence
Finding
DELETE /devices/{deviceId}/apps/{packageName}

VirusTotal

65/65 vendors flagged this skill as clean.
