Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

Aster openly provides AI control over an Android phone, but its SMS, calls, files, shell, location, clipboard, and event-forwarding powers are broad enough that users should review it carefully before installing.

Install only if you deliberately want an AI agent to control an Android device. Prefer a spare phone, grant only necessary Android permissions, keep callbacks disabled unless needed, use trusted authenticated callback endpoints, and require explicit confirmation for SMS, calls, file deletion, shell commands, UI automation, device approval, and actions triggered by incoming messages or notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes highly sensitive and potentially destructive capabilities including reading SMS/notifications, accessing location/clipboard/files, executing shell commands, sending messages, placing calls, and deleting files, but the skill content does not present an explicit user-facing warning about the privacy, financial, and data-loss consequences of using those tools. In an agentic context, this increases the chance that a user or downstream agent enables or invokes dangerous actions without informed consent, especially because the skill also supports proactive event forwarding and autonomous device control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.