Skill
Security checks across malware telemetry and agentic risk
Overview
Aster is coherent as a mobile-control skill, its tools matching its stated purpose, but it gives an agent broad ability to read from and act through a phone, including calls, SMS, files, UI automation, shell commands, and wake-up webhooks.
Install this only if you intentionally want an AI agent to control an Android device. Prefer a spare phone, limit Android permissions and MCP tools, disable or tightly restrict proactive callbacks, require confirmation for calls/SMS/file deletion/shell/UI actions, and verify the external npm package and Android APK before use.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent error, prompt injection, or overly broad task could send texts, initiate calls, manipulate apps, delete files, or run device-side commands.
The skill exposes broad MCP tools that can mutate phone state, communicate externally, automate apps, delete files, and run shell commands, while explicitly advertising autonomous phone use.
give your AI a dedicated phone and let it call, text, and act on its own ... `aster_send_sms` ... `aster_make_call` ... `aster_input_gesture` ... `aster_delete_file` ... `aster_execute_shell`
Use a spare or dedicated phone, require explicit confirmation for SMS, calls, file deletion, shell, and UI automation, and restrict tool access to only the actions you actually need.
Sensitive notifications or messages may be delivered into agent workflows automatically, and malicious or misleading message content could influence subsequent agent actions.
Private phone event content, including notification text, can be pushed into the agent context and wake the agent immediately; the visible artifact does not describe webhook authentication, filtering, or untrusted-content handling.
Aster can push real-time events from the phone to your AI agent via webhook ... The AI reads the `message` field ... `wakeMode` — always `"now"` ... `[data-text] Hey, are you free tonight?`
Enable callbacks only to a trusted authenticated endpoint, filter which event types are forwarded, treat notification/SMS text as untrusted data, and avoid automatic follow-up actions without confirmation.
Granting these permissions can expose personal messages, notifications, location, clipboard contents, and on-screen app data to the agent.
The skill requires or uses sensitive Android capabilities and accessibility-level device interaction. This is aligned with the mobile-control purpose, but it is a significant permission boundary.
Uses the official Android Accessibility Service API ... `aster_read_notifications` ... `aster_read_sms` ... `aster_get_location` ... `aster_get_clipboard`
Grant only the Android permissions needed for your intended use, prefer a dedicated device with minimal personal data, and review permissions regularly.
You must trust the external package and Android release to implement the documented privacy and safety controls.
The setup depends on an external npm package and Android APK that were not included as code files in the supplied scan context. This is normal for this kind of integration but leaves the runnable implementation outside this review.
`npm install -g aster-mcp` ... `aster start` ... Install the Aster Android app ... from Releases
Pin and verify the npm package and APK version, review the upstream repository and release signatures or checksums when available, and install only from the official project source.
