ClawHub

Midscene Automations Skills for Android

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned Android automation, but it gives an agent broad control over a connected device without enough scoping or confirmation guidance.

Install only if you intentionally want an agent to control a connected Android device. Prefer an emulator or test device with test accounts, keep API keys private, avoid sensitive screens, and require explicit approval before raw ADB shell commands, installs or uninstalls, deletion, settings changes, purchases, form submissions, or actions affecting real accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad enough to match routine Android-help or QA requests such as 'open app on phone', 'tap', 'swipe', or 'check the app on android', which can invoke a powerful skill that executes ADB-backed device actions. Because this skill can launch apps, input text, and run raw adb shell commands, overly broad routing increases the chance of accidental activation for benign user requests and can lead to unintended device manipulation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The description emphasizes powerful capabilities ('control Android devices', 'perform taps, swipes, text input, app launches') but does not clearly warn that the skill can make destructive or privacy-sensitive changes, including interacting with visible apps and forwarding raw commands to adb shell. In context, this omission is more dangerous because the skill operates on real devices and includes low-level command execution, so users may invoke it without understanding the risk of data loss, configuration changes, or exposure of on-screen sensitive information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal